At least six Russia-aligned nation-state actors launched more than 237 cyber attack operations against Ukraine shortly before the start of the war, using ‘phishing’ attacks to steal credentials and exploit applications via remote control.
This is one of the conclusions reached by Microsoft in a recent report that details the activity carried out by Russian malicious actors in the neighboring country.
With this report, the company intends to provide information about the scope, scale, and methods used by Russian cybercriminals as part of large-scale hybrid warfare in Ukraine, and to provide strategies to organizations at risk of these attacks.
Microsoft has noted that at least six Russian advanced persistent threat (APT) actors have carried out destructive attacks and cyber espionage operations to disrupt or degrade Ukrainian government functions.
In this regard, the company points out that on March 1, the day Russia announced its intention to attack a television tower in Kyiv, operators associated with the Russian Central Intelligence Department (GRU) attacked hundreds of Ukrainian government systems, as well as financial organizations and energy companies.
The report points out that there were about 40 destructive attacks, of which 32 percent were directed at national, local and regional government organizations.
Meanwhile, 40 percent of the attacks targeted organizations in the infrastructure sector, which could have had negative effects on the army, the economy and Ukrainian citizens.
Microsoft has warned that these attacks “are likely aimed at undermining Ukraine’s political will and ability to continue the fight, while also facilitating intelligence gathering that could provide tactical or strategic advantages to Russian forces”.
In addition to institutions, these cyberattacks have tried to interrupt the population’s access to reliable information, alongside the spread of false news (‘fake news’), as well as to critical essential services.
TYPES OF ATTACKS
The company has stressed that the actors involved in these attacks have used a wide variety of techniques to access these systems and the information they contain.
‘Phishing’, the exploitation of vulnerabilities that do not have security patches and the compromise of IT service providers are some of the techniques that cybercriminals have used to carry out their actions.
Specifically, on this occasion a Russia-aligned nation-state actor called Iridium has largely used wiper-type ‘malware’, capable of completely blocking the target system, about which the company has previously warned.
Microsoft has also reported that it has observed these Russian government-related actors, which operate in Ukraine, conducting similar operations against organizations in the Baltics and Turkey, NATO member states that provide political and humanitarian support to Ukraine.
The main concern of the technology company that carried out this study is attacks against Ukrainian civilian digital targets such as humanitarian aid centers.
This is because Russian nation-state actors may find the opportunity to expand their destructive actions beyond the borders of the neighboring country to retaliate against those states that have assisted Ukraine militarily.
To conclude, Microsoft has disclosed some of the Russian cyber operations that have been carried out so far in the conflict, among which are the theft of credentials and the exploitation of applications through remote control.
Likewise, to avoid these attacks, the technology company proposes reinforcing the protection of user account identities, enabling multi-factor authentication and adopting ‘antimalware’ solutions.
It also urges Ukrainian companies and organizations or those related to this country to have a security strategy or protocol that takes into account the risk of suffering these attacks.
In this regard, the company has pointed to the availability of complete guides detailing how to protect these systems and the characteristics of the Microsoft Defender software.