Microsoft Corp. warned that a group of hackers linked to the Russian military intelligence agency GRU could be preparing for more hacking attacks. Ransomware both inside and outside Ukraine.
The report, produced by the tech giant’s cybersecurity research and analysis team, outlines a series of new findings about how Russian hackers operated during the Ukraine conflict and what may come next.
Over the course of 2022, cyberattacks perpetrated by States directed against infrastructure have increased from representing 20% of the total (percentage 2021) to 40%.
According to Microsoft’s report, this increase is largely due to Russia’s aim to damage Ukrainian infrastructure, as well as “aggressive” Russian spying on Ukraine’s allies, including United States, by damaging the digital infrastructure.
Microsoft calls the group that plans the cyberattacks Iridium, but is perhaps better known as sandworm. He has been accused of attacks on Ukraine’s power grid and government agencies, the 2018 Winter Olympics and businesses around the world. Now it seems to be getting ready to a destructive campaignthe software company said in a threat intelligence report on Wednesday.
Russian hackers have been accused of bombing Ukrainian institutions with “clean up malware” y DDoS attacks, a campaign that began even before President Vladimir Putin ordered troops to invade Ukraine more than a year ago. However, Ukraine has largely repelled a major cyberwar with the help of foreign tech companies, including Microsoft.
The ransomware attack on Polish and Ukrainian transport services in October, attributed to Sandworm, may have been “a test case” for further attacks, according to the report. Microsoft warned that it was a potential precursor to other Russian attacks beyond Ukraine’s borders.
The attack “tested the ability of the international community to attribute espionage operations to Moscow” or the reaction of Ukraine’s allies to a destructive attack directed outside Ukraine by the deployment of ransomware in Poland’s transport system, said Microsoft.
In a February report on cyber threats in Ukraine, Google said Sandworm’s cyber campaigns, which it calls FrozenBarents, “appear designed to promote Russian strategic objectives and respond to changes in Russian intelligence requirements during the conflict.”
The group, which is active since 2009targeted a Turkish drone maker, whose systems were used by Ukraine, in the early weeks of the war and targeted sensitive information such as Ukrainian military communications and troop movements, according to Google.
(With information from Bloomberg and Reuters)
Vladimir Putin threatened countries supporting Ukraine with ‘rapid strikes’ using ‘weapons no one else can brag about’
Vladimir Putin announces that Russia has tested the Sarmat intercontinental ballistic missile: “It will make enemies think twice”
Ukraine is waging war behind enemy lines with the help of hackers and partisans