Hundreds of Cyberattacks Launched on Ukraine - Microsoft Report

Diving into details

• Right before the invasion, at least six Russian distinct actors launched more than 237 attacks. All of these attacks were of destructive nature and many are still ongoing. 
• GRU operators had launched wiper attacks on hundreds of systems belonging to Ukrainian financial, government, energy, and IT organizations. 
• Some destructive malware identified by MSTIC includes CaddyWiper, WhisperGate, FoxBlade, DesertBlade, DoubleZero, and Industroyer2. 
• More than 40% of attacks targeted organizations operating in the critical infrastructure sector. These attacks, in turn, affected civilians, the government, the economy, and the military.
• More than 30% of attacks targeted government organizations at the city, regional, and national levels.
• Groups associated with the GRU—APT28, Gamaredon, Sandworm, UNC2452/2652, DEV-0586, and Turla—were found pre-positioning for conflict since at least March 2021. 
• Between February 23 and April 8, almost 40 attacks permanently and discretely annihilated files in hundreds of systems. 

Why this matters

• The attackers are using a variety of attack tactics to gain initial access to the target. Some of these include phishing, infecting upstream IT service providers, and abusing unpatched bugs. 
• This access enables them to launch operations for destruction, establishing persistence, and data exfiltration. 
• The activities by Russian threat actors mostly comprised disrupting, infiltrating, or destroying a huge range of critical infrastructure and government networks.

The bottom line