Microsoft says its researchers have determined that Russian hackers have conducted destructive cyberattacks on Ukraine, including some that date back to a year before it launched its invasion on February 24.
The U.S. software giant released a report on April 27 that details cyberattacks that it said its researchers observed and what the company said it has done to help protect Ukraine.
Microsoft has reported on alleged Russian cyberattacks against Ukraine before, but the new report discloses some previously unknown activity and says that in some cases, hacking and military operations worked in "tandem against a shared target."
Tom Burt, vice president for customer security and trust, in a blog post accompanying the report, said the research showed that Russia's use of cyberattacks "appears to be strongly correlated and sometimes directly timed" with military operations targeting services and institutions.
"The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people's access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country's leadership," Burt said.
The report did not name specific targets, but telecommunications companies and local, regional, and national government agencies are known to have been targeted in the past.
The company's report includes a timeline of the Russian cyberoperations observed by its researchers, and it indicates that what it called "Russia-aligned nation-state actors" began prepositioning for conflict as early as March 2021.
Russia has consistently denied accusations related to cyberactivity, including Kyiv's assertions of large cyberattacks as part of a "hybrid war" against Ukraine.
According to Microsoft, the hackers use a variety of techniques, including phishing, exploiting unpatched vulnerabilities, and compromising upstream IT service providers, to gain initial access to their targets.
These footholds could be used later to collect "strategic and battlefield intelligence or to facilitate future destructive attacks."
Burt said Microsoft believes it's important to share the information its researchers observed so that policymakers and the public know what’s occurring and for the benefit of others in the security community.
He added that Microsoft also believes that cyberattacks will continue to escalate as the conflict rages.
"Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine to retaliate against those countries that decide to provide more military assistance to Ukraine and take more punitive measures against the Russian government in response to the continued aggression," Burt said.
