The cybersecurity landscape has been turbulent lately. Take, for instance, the ongoing cyber war between Russia and Ukraine. Microsoft released a report detailing the massive scale of Russian cyberattacks against Ukraine. Multiple threat actors targeted citizens and national infrastructure. The attacks, furthermore, leveraged destructive malware to disrupt critical systems and prevent civilians’ access to information and life services.
Diving into details
Right before the invasion, at least six distinct Russian actors launched more than 237 attacks. All of these attacks were of a destructive nature and many are still ongoing.
GRU operators had launched wiper attacks on hundreds of systems belonging to Ukrainian financial, government, energy, and IT organizations.
Between February 23 and April 8, almost 40 attacks permanently and discretely annihilated files in hundreds of systems.
Why this matters
The attackers are using a variety of attack tactics to gain initial access to the target. Some of these include phishing, infecting upstream IT service providers, and abusing unpatched bugs.
This access enables them to launch operations for destruction, persistence, and data exfiltration.
The activities by Russian threat actors mostly comprised disrupting, infiltrating, or destroying a huge range of critical infrastructure and government networks.
The bottom line
Considering the destructive actions and geopolitical motivations of the attackers, Microsoft researchers expect the barrage of attacks to continue. They also anticipate that both the communications and energy sectors will be heavily impacted. Hence, alerts issued by CISA, cyber officials, and the U.S. government should be heeded and proper defensive measures should be implemented.