Russian hacking team, Sandworm, was testing ‘additional ransomware-style capabilities that could be used in destructive attacks on organizations outside Ukraine’ (Picture: Getty Images/Science Photo Libra)
Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, according to a research report by Microsoft.
On Wednesday, the tech giant’s cyber security research and analysis team outlined a series of discoveries about how Russian hackers have operated during the Ukraine conflict and what may come next.
‘Since January 2023, Microsoft has observed Russian cyber threat activity adjusting to boost destructive and intelligence gathering capacity on Ukraine and its partners’ civilian and military assets,’ said the report.
One group ‘appears to be preparing for a renewed destructive campaign’.
Microsoft found that a particularly sophisticated Russian hacking team, known as Sandworm, was testing ‘additional ransomware-style capabilities that could be used in destructive attacks on organizations outside Ukraine that serve key functions in Ukraine’s supply lines’.
Russian hackers appear to be preparing a renewed wave of cyber attacks against Ukraine, according to a research report by Microsoft (Picture: EPA)
A ransomware attack typically involves hackers penetrating an organization, encrypting their data and extorting them for payment to regain access.
Historically, ransomware has also been used as cover for more malicious cyber activity, including so-called wipers that simply destroy data.
Since January 2022, Microsoft said it had discovered at least nine different wipers and two types of ransomware variants used against more than 100 Ukrainian organizations.
‘In 2023, Russia has stepped up its espionage attacks, targeting organizations in at least 17 European nations, mostly government agencies. Wiper attacks continue in Ukraine.’ said Clint Watts, general manager for Microsoft’s Digital Threat Analysis Center.
These developments have been paired with a growth in more stealthy Russian cyber operations designed to directly compromise organizations in countries allied to Ukraine, according to the report.
Since January 2023, Microsoft has observed Russian cyber threat activity adjusting to boost destructive and intelligence gathering capacity on Ukraine (Picture: AFP)
As of late November 2022, Microsoft and other security firms identified a new form of ransomware, called ‘Sullivan’, deployed against Ukrainian targets, in addition to the ‘Prestige’ ransomware Russia deployed in Ukraine and Poland in October 2022.
‘Our analysis suggests that Russia will continue to conduct espionage attacks against Ukraine and Ukraine’s partners, and destructive attacks within and potentially outside Ukraine as was done with Prestige,’ said Watts.
Moscow has also taken to spreading propaganda aimed at Ukrainian refugees across Europe, trying to convince them that they could be deported and conscripted into the Ukrainian military.
Russian media promoted protests supported by a pro-Russia political party encouraging citizens to demand the government pay for winter energy bills.
Since January 2022, Microsoft had discovered two types of ransomware variants used against more than 100 Ukrainian organizations (Picture: AFP)
Another Russia-aligned campaign called ‘Moldova Leaks’ published alleged leaks from Moldovan politicians, just one of many of hack-and-leak operations aimed at sowing distrust between European citizens and their governments.
The findings come as Russia has been introducing new troops to the battlefield in eastern Ukraine, according to Western security officials.
Ukraine Defense Minister Oleksiy Reznikov last month warned that Russia could accelerate its military activities surrounding the February 24 anniversary of its invasion.
The Russian embassy in Washington did not immediately respond to a Reuters request for comment.
MORE : US to continue surveillance flights despite Russia’s warning after downing drone
MORE : Russia recruiting high school students to fight in Ukraine
Over 100 Ukrainian organizations were attacked by ransomware.