Microsoft is preparing for a large number of Russian cyberattacks this winter and is warning others to stay vigilant. Between missiles, drones and cyberattacks, the onslaught on Ukraine has been brutal and will reportedly only get worse in the coming months.
“Moscow has intensified its multi-pronged hybrid technology approach to put pressure on Kyiv’s sources of military and political support,” Microsoft says in a recent blog post (via Bleeping Computer). “Recent attacks in Poland suggest that Russian state-sponsored cyberattacks may increasingly be used outside of Ukraine in an effort to undermine supply chains abroad.”
In late October, Russian forces were driven out of previously occupied territory and retaliated with missile strikes, drone attacks and cyberattacks that left much of Kyiv in need of running water.
The Russian APT group known to Microsoft as IRIDIUM (also known as Sandworm) is believed to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been active for nearly a decade, as Microsoft notes: “Following Russia’s 2014 annexation of Crimea, IRIDIUM launched a series of winter operations against Ukrainian electricity providers, cutting off power to hundreds of thousands of citizens in 2015 and 2016.”
Winter, of course, provides a powerful complementary effect to any attack on infrastructure that causes power outages. No power, for many, will mean no heat. One could imagine that this is why attacks are expected to increase during the winter, specifically.
The cyber bombardment soon refocused on targets outside of Ukraine as well, with Microsoft reporting that Sandworm deployed its Prestige ransomware across the logistics and transportation sectors in Poland and Ukraine. Microsoft explains that this was the “first war-related cyberattack against entities outside of Ukraine since the Viasat KA-SAT attack at the beginning of the invasion.”
It’s been on the rise ever since, but Microsoft offers a plan to combat upcoming cyberattacks. “Throughout the winter and into 2023, we will work with our clients and in support of democracies to: Detect…Disrupt…Defend…Deter,” it says.
The post concludes by saying that, for its clients, Microsoft “encourages the use of strong cyber hygiene and the latest detection and response technology to reduce vulnerabilities and recover from cyberattacks,” which can be found in the Digital Defense Report 2022.