Microsoft warns of Russian cyberattacks throughout the winter



Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter.


Microsoft said in a report published over the weekend that it has observed a pattern of targeted attacks on Ukrainian infrastructure by Sandworm, a Russian military intelligence threat group, timed to coincide with missile strikes.


The attacks have been accompanied by a propaganda campaign aimed at undermining Western (U.S., EU, and NATO) support for Ukraine.


Russian propaganda has also sought to undermine European support for Ukraine and sow discord, with the end goal of disrupting the supply of aid and weaponry to Ukraine.


These attacks are expected to continue and could extend beyond Ukraine's borders to target countries and companies providing the country with vital supplies.


Microsoft says Europe in particular should be prepared for more of the same this winter.

"We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter," the company said.


"Russia will seek to exploit cracks in popular support for Ukraine to undermine coalitions essential to Ukraine's resilience, hoping to impair the humanitarian and military aid flowing to the region.


"We should also be prepared for cyber-enabled influence operations that target Europe to be conducted in parallel with cyberthreat activity."


Sandworm is a group of elite Russian hackers that has been active for at least two decades and has previously been linked to the campaigns behind the Ukrainian power grid blackouts of 2015 and 2016 [1, 2, 3], the KillDisk wiper attacks on Ukrainian banks, and NotPetya, the destructive wiper disguised as ransomware.




Russian threat actors target Ukraine and NATO allies


This report follows a Microsoft warning in June that Russian intelligence agencies (including the GRU, SVR, and FSB) had stepped up cyberattacks against the governments of countries helping Ukraine since Russia's invasion, attempting to breach entities in dozens of countries worldwide.


The vast majority of those attacks focused on obtaining sensitive information from the governments of countries playing crucial roles in NATO's and the West's response to Russia's war.


Ransomware attacks targeting Ukraine in late November have also been attributed to the Sandworm Russian military hackers.


ESET, the Slovak security company that first spotted the wave of attacks, said at the time that the ransomware, which it named RansomBoggs, had been found on the networks of multiple Ukrainian organizations.


Microsoft also said Sandworm was behind the Prestige ransomware attacks that targeted the supply chain by hitting transportation and logistics companies in Ukraine and Poland starting in October.


In late March, the Google Threat Analysis Group (TAG) observed phishing attacks on NATO and European military entities coordinated by the Russia-based COLDRIVER threat group.


Another Google TAG report from March, with even more detail on malicious activity linked to Russia's war in Ukraine, exposed efforts by Russian, Chinese, and Belarusian state hackers to compromise Ukrainian and European organizations and officials.