Russian hackers preparing new wave of cyber attacks on Ukraine

A report by Microsoft said on Wednesday Russian hackers appeared to be preparing a new wave of cyber attacks against Ukraine, including a ransomware-style threat to organizations serving Ukraine's supply lines.

The report, by the tech giant's cyber security research and analysis team, presents a series of new discoveries about how Russian hackers have operated during the Ukraine conflict and what may come next.

Since January 2023, Microsoft has observed Russian cyber threat activity adjusting to boost intelligence-gathering capacity on Ukraine and its partners, as well as on civilian and military assets, according to the report. One group seems to be preparing for a new destructive campaign.

Russia is introducing new troops to the battlefield in eastern Ukraine, according to Western security officials. Ukraine's Defense Minister Oleksiy Reznikov warned last month that Russia could accelerate its military activities around the Feb. 24 anniversary of its invasion.

The tactic of combining physical military operations with cyber techniques mirrors previous Russian activity, according to experts.

Emma Schroeder, associate director of the Atlantic Council's Cyber Statecraft Initiative, said that combining kinetic attacks with efforts to disrupt or deny defenders' ability to coordinate and use cyber-dependent technology is not a new strategic approach.

Microsoft discovered that a Russian hacking team, known as Sandworm, was testing additional ransomware-style capabilities that could be used in destructive attacks on organizations outside Ukraine that serve key functions in Ukraine's supply lines. A ransomware attack typically involves hackers penetrating an organization, encrypting their data, and extorting them for payment to regain access. In the past, ransomware has been used as a cover for more malicious cyber activity, including so-called wipers that simply destroy data.

Microsoft says it has discovered at least nine different wipers and two types of ransomware variants used against more than 100 Ukrainian organizations since January 2022.

These developments have been paired with a rise in Russian cyber operations designed to directly compromise organizations in countries allied to Ukraine, according to the report.

In nations throughout the Americas and Europe, particularly Ukraine's neighbors, Russian threat actors have sought access to government and commercial organizations that are involved in efforts to support Ukraine, said Clint Watts, general manager for Microsoft's Digital Threat Analysis Center.