Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion.

Microsoft states that at least six separate Russia-linked threat actors launched more than 237 operations against Ukraine starting just before the invasion.

The cyber attacks included destructive wipers that were used to target critical infrastructure in a hybrid war against Ukraine. Wiper families employed in the attacks include:
• WhisperGate / WhisperKill
• FoxBlade, aka Hermetic Wiper
• SonicVote, aka HermeticRansom
• CaddyWiper
• DesertBlade
• Industroyer2
• Lasainraw, aka IssacWiper
• FiberLake, aka DoubleZero

“Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare.” reads the report published by Microsoft. The destructive attacks have also been accompanied by broad espionage and intelligence activities. The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership.”

Microsoft also reported having observed limited cyber espionage attacks aimed at other NATO member states, along with disinformation campaigns. 

Microsoft states that Russia-linked threat actors involved in the attacks include APT28, EnergeticBear, Gamaredon, Sandworm, Turla, DEV-0586, and Nobelium.

The experts pointed out that starting just before the invasion threat actors linked to the military intelligence service GRU launched destructive wiper attacks on hundreds of systems in Ukraine. More than 40% of the destructive attacks hit critical infrastructure sectors, the target have been chosen to impact the government, military, economy, and people. 32% percent of destructive attacks were aimed at Ukrainian government organizations at the national, regional, and city levels.

“Based on Russian military goals for information warfare, these actions are likely aimed at undermining Ukraine’s political will and ability to continue the fight, while facilitating collection of intelligence that could provide tactical or strategic advantages to Russian forces” reads the report published by Microsoft.

“Given Russian threat actors have been mirroring and augmenting military actions, we believe cyberattacks will continue to escalate as the conflict rages. Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression.” Microsoft concludes.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]