Microsoft has warned of Russian-sponsored cyberattacks that will continue to target Ukrainian infrastructure and NATO allies in Europe throughout the winter.
Redmond said in a report released over the weekend that it observed a series of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes.
The attacks were accompanied by a propaganda campaign aimed at undermining Western (US, EU and NATO) support for Ukraine.
Russian propaganda has also sought to undermine European support for Ukraine and sow discord, with the ultimate goal of disrupting Ukraine’s aid and arms supply.
These attacks are expected to continue and may extend beyond Ukraine’s borders to target countries and companies providing the country with vital supplies.
Microsoft says Europe should prepare for “several lines of potential Russian attacks in the digital realm this winter.”
“We believe these recent trends suggest the world should be prepared for several lines of potential Russian attacks in the digital realm this winter,” the company said.
“Russia will seek to exploit cracks in popular support for Ukraine to undermine coalitions critical to Ukraine’s resilience, in hopes of harming humanitarian and military aid flowing to the region.
“We must also be prepared for cyber influence operations targeting Europe to be carried out alongside cyber threat activities.”
Sandworm is an elite Russian hacker group that has been active for at least two decades, previously linked to malicious campaigns leading to the 2015 and 2016 Ukrainian blackouts, the KillDisk wiper attacks targeting Ukrainian banks, and NotPetya ransomware.
Russian threat actors target Ukraine and NATO allies
This report comes after Microsoft warned in June that Russian intelligence agencies (including the GRU, SVR and FSB) have intensified cyberattacks against the governments of countries that assisted Ukraine after Russia’s invasion, attempting to breach entities in dozens of countries around the world.
The vast majority of the attacks were primarily aimed at obtaining sensitive information from the governments of countries playing a crucial role in NATO’s and the West’s response to Russia’s war.
Recent ransomware attacks targeting Ukraine in late November have also been linked to Russian military Sandworm hackers.
Slovakian software company ESET, which first spotted the wave of attacks, said at the time that ransomware named RansomBoggs was found on the networks of several Ukrainian organizations.
Microsoft also said Sandworm was behind Prestige ransomware attacks targeting the supply chain by attacking transport and logistics companies in Ukraine and Poland from October.
At the end of March, the Google Threat Analysis Group (TAG) observed phishing attacks on NATO and European military entities coordinated by the Russian-based threat group COLDRIVER.
Another Google TAG report from March with even more details on malicious activity related to Russia’s war in Ukraine exposed the efforts of Russian, Chinese and Belarusian hackers to compromise Ukrainian and European organizations and officials.