The cybersecurity landscape has been turbulent lately. Take, for instance, the ongoing cyber war between Russia and Ukraine. Microsoft released a report detailing the massive scale of Russian cyberattacks against Ukraine. Multiple threat actors targeted citizens and national infrastructure, and the attacks leveraged destructive malware to disrupt critical systems and cut civilians off from information and essential services.

Diving into details

  • Right before the invasion, at least six distinct Russia-aligned actors launched more than 237 operations against Ukraine, including destructive attacks, many of which are still ongoing.
  • GRU operators launched wiper attacks on hundreds of systems belonging to Ukrainian financial, government, energy, and IT organizations.
  • Destructive malware identified by MSTIC (Microsoft Threat Intelligence Center) includes CaddyWiper, WhisperGate, FoxBlade, DesertBlade, DoubleZero, and Industroyer2.
  • More than 40% of the destructive attacks targeted organizations in critical infrastructure sectors, with knock-on effects on civilians, the government, the economy, and the military.
  • More than 30% of the destructive attacks targeted government organizations at the city, regional, and national levels.
  • Groups associated with Russian intelligence services (the GRU-linked APT28, Sandworm, and DEV-0586; the SVR-linked UNC2452/2652; and the FSB-linked Gamaredon and Turla) were found pre-positioning for conflict since at least March 2021.
  • Between February 23 and April 8, almost 40 discrete destructive attacks permanently destroyed files in hundreds of systems across dozens of organizations.

Why this matters

  • The attackers used a variety of tactics to gain initial access to targets, including phishing, compromising upstream IT service providers, and exploiting unpatched vulnerabilities.
  • That access enabled them to carry out destructive operations, establish persistence, and exfiltrate data.
  • The activity by Russian threat actors mostly consisted of disrupting, infiltrating, or destroying a wide range of critical infrastructure and government networks.

The bottom line

Given the attackers' destructive actions and geopolitical motivations, Microsoft researchers expect the barrage of attacks to continue and anticipate that the communications and energy sectors will be heavily impacted. Alerts issued by CISA, cyber officials, and the U.S. government should therefore be heeded and proper defensive measures implemented.

Cyware Publisher