microsoft posted a intelligence report on the ukraine war exposing Russia’s cyberattack strategy during the invasion. Brad Smith, president of the Redmond company, stated that armed conflict is not only fought on the front lines, but also includes coordinated attacks on data centers, infrastructure and allied countries that give support to the government of Volodímir Zelenski.
According to Smith, the Ukraine war reflects a trend seen in other major conflicts. “Countries fight wars using the latest technology, and wars themselves accelerate technological change,” she declared. The president of Microsoft indicates that the Kremlin’s strategy consists of destructive cyberattacks inside Ukraine, network penetration and espionage outside Ukraineas well as cyber influence operations — propaganda and fake news — addressed to everyone.
Microsoft’s report yields five relevant conclusions after four months of war, which can be used as a reference for future conflicts. The technology points out that defense against a military invasion requires that most countries have ability to disburse and distribute data assets to other countries.
Taking Ukraine as an example, Russia attacked key data centers and facilities with artillery during the first days of the invasion. At the same time, it carried out cyberattacks on banks and government institutions in order to infect computers with malware known as wiper, which destroys all information on infected computers. Given this, Microsoft points out that you need to be prepared to move digital infrastructure to the cloud in data centers in other countries.
Russia attacked humanitarian organizations and governments of 42 countries
The cyber attacks with wiper (or cleaner) not only targeted the government, but also 48 Ukrainian agencies and companies. The report points out an important detail in this part of the Russian offensive, which is that this type of attack was confined to domains of Ukraine. Unlike NoPetya, which caused global chaos in 2017, the Russians were careful to define specific targets.
Although cyber-attacks with wipers targeted Ukraine, hackers linked to the Kremlin tried to compromise more than 128 organizations from 42 countries. Russia led the digital offensive against the United States, Poland and Baltic countries that coordinated the aid delivery. Microsoft detailed that Denmark, Norway, Finland, Sweden and Turkey are among the victims, as well as other NATO members. The attacks not only affected government offices of allied countries, but also humanitarian organisations, IT companies and critical infrastructure providers.
The report exposes the dangers of relying solely on on-premises infrastructure and not the cloud. the russians are capable of violating networks and local equipment, such as what happened in SolarWinds, where attackers inserted malicious code into legitimate software updates. This allowed hackers from the Kremlin-linked Cozy Bear collective to access networks of the Treasury Department, the Department of Homeland Security and other US offices.
Propaganda, the axis of Russian strategy
Although artillery and malware attacks are important in Russia’s invasion of Ukraine, a vital component of the strategy is to manipulate information. Microsoft indicates that Russian agencies are focusing their influence operations on four fronts:
- The Russian population, to maintain support for the war
- The population of Ukraine, to undermine confidence in the will and ability of the country to deal with the war
- Americans and Europeans, to create division and deflect criticism of Russian war crimes
- Non-allied countries, to maintain their support at the UN and elsewhere.
Microsoft mentions that influence operations take advantage of the polarization that exists in the world today. Russia positions false narratives about the war and take advantage of official channels and social networks to transmit fake news to audiences around the world. The Russian operations build on others carried out in 2021, when they distributed false information about COVID-19 that sought to discourage vaccination.
Brad Smith mentions that the lessons in the Ukraine require a coordinated strategy to strengthen defenses in all fields. Microsoft points out that there needs to be more public and private collaboration, as well as close collaboration between governments. It is necessary to develop advances in digital technology, artificial intelligence and data to counter cyber attacks in the future.