The cyber weapon is at the heart of Russia’s military strategy in Ukraine, to the point that Microsoft speaks of a “hybrid war” (half-military, half-cyber) in a recent report on the use of cyberattacks against Ukraine by groups affiliated with the Kremlin.
“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly synchronised with its kinetic military operations targeting essential civilian services and institutions,” said Microsoft President Brad Smith.
On 23 February, the day before the invasion of Ukraine, operators linked to the GRU reportedly launched destructive cyberattacks on hundreds of Ukrainian government, IT, energy, and financial organisations.
Between 24 February and 8 April, 37 destructive malware attacks targeted Ukraine through 8 known destructive malware families, including FoxBlade, FiberLake, IsaacWiper/HermeticWiper/SonicVote, CaddyWiper, Industroyer2, and Pipedream. In many cases, the malware uses the SecureDelete utility to erase critical data.
“More than 40% of destructive attacks targeted organisations in critical infrastructure sectors that could have second-order negative effects on the government, military, economy, and population,” says Microsoft.
In addition, 32% of destructive incidents affected Ukrainian government organisations at the national, regional, or municipal levels. Microsoft also observed that these cyberattacks generally escalated following Russian diplomatic failures.