Russian Cyberattacks on Ukraine Underscored By Microsoft
Data Wipers and Phishing Remain Widely Used Attack Tools in the Kremlin's War
Russia began its hacking war against Ukraine even before it sent troops to invade its southern neighbor, software giant Microsoft says in a call for public-private collaboration to thwart Kremlin hackers.
In the hours leading up to the Russian invasion, a data wiper Microsoft dubs FoxBlade was already working its way to Ukrainian computers maintaining critical infrastructure. The wiper was the first of many cyberweapons detected and, for the most part, stopped, the company disclosed Wednesday.
A report from the maker of the world's most ubiquitous operating system depicts an active cyber scrimmage between Russia and Ukraine, and between Russia and a slew of other countries.
Moscow has been careful to confine its data wiping malware to Ukrainian network domains, marking an increase in sophistication from its 2017 NotPetya attack that quickly leapfrogged into the rest of the world (see: NotPetya: From Russian Intelligence, With Love).
Threat indicators also show Russia attempting to infiltrate the networks of 128 organizations in 42 countries allied with Ukraine since the commencement of fighting. Nearly 3 in 10 of these attacks succeed and a quarter of those include exfiltration of data, Microsoft estimates - while acknowledging that the rate of Russian success could easily be greater.
The U.S. is a prime target, followed closely by Poland, a prime staging ground for international military and humanitarian aid flowing into Ukraine.
Underpinning the digital defense against Russian attacks is a coalition of countries, companies and nongovernmental organizations, company President Brad Smith writes on the company blog.
"Unlike the traditional threats of the past, cyber responses must rely on greater public and private collaboration," Smith says. The fact that a private company like Microsoft can publish a report detailing Russian hacking campaigns undertaken in support of a real-life invasion is proof enough of the "inevitable role that the technology sector plays in the cyber defense of nations in the world today," the company asserts.
Collaboration is a necessity, the company says. "There is only the question of whether it will be done well, and this requires both that leading technology companies adapt and that governments work with the private sector in new ways."
Ukraine in Focus
Ukraine has faced nearly 14 million suspicious cybersecurity or information security events over the first quarter of this year, the country's Cyber Rapid Response Team of the State Cyber Defense Center said in May (see: Ukraine Observed Nearly 14M Cyber Incidents in Q1 2022).
This trend has continued, with Russian military and intelligence agencies launching multiple waves of destructive cyberattacks against 48 Ukrainian governmental agencies, Smith says. The attacks involve phishing, data theft, password spraying and the deployment of data wipers such as CaddyWiper, Industroyer2 and FoxBlade.
The key lessons learned from the first four months of the war, Smith says, are that it is imperative to have:
- Cross-border cyber operational capabilities;
- Early cyberthreat intelligence and endpoint protection;
- Partnerships with other countries and private sector organizations;
- A plan to respond to misinformation spread via social media and digital platforms.
Days before Russia's invasion, Ukraine's Minister of Digital Transformation Mykhailo Fedorov migrated many of the government's digital operations and data into the cloud and away from servers housed on-premises within government buildings. A Ukrainian government data center was an early target of Russian missile attacks.