Microsoft says Ukraine has encountered nearly 40 "destructive" malware attacks that are likely Russian-led efforts to cripple the country’s government and infrastructure.
"From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine," the company said.
On Wednesday, Microsoft published a report looking at the full scope of the cyberattacks Ukraine has experienced since Russia’s invasion of the country. For months now, the company has been working with Ukrainian cybersecurity officials and the country’s private sector to bolster the country’s IT defenses and respond to computer hacks.
Perhaps the most devastating cyberattacks Ukraine has encountered involves data-wiping malware that can delete files and sometimes render machines “unbootable.” In total, Microsoft has been tracking eight so-called destructive malware strains, including one called Industroyer2, which can manipulate physical processes at industrial plants.
Thirty-two percent of the destructive malware attacks hit Ukraine government organizations at the national, regional, and city levels. Meanwhile, another 40% targeted critical infrastructure providers, including the energy sector. But not all the attacks were necessarily successful.
Microsoft Corporate VP Tom Burt says the Kremlin is likely behind the attacks, which have also included a wide range of cyber-espionage attempts. “Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine,” he wrote in a blog post.
“The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” he added.
According to Microsoft, most of the destructive malware attacks, at 22, occurred during the first week of Russia’s invasion of Ukraine. After that, the pace of the attacks decreased to about two per week. However, Microsoft fears Russia will expand the scope of its destructive malware attacks against both Ukraine and its allies.
“In addition to the energy sector, the communications sector in Ukraine may suffer future destructive attacks, based on several known and suspected actors’ continued pursuit of compromises in that sector,” the company said. “Russia-aligned actors active in Ukraine are also showing interest in or conducting operations against organizations in the Baltics and Turkey, all member states on NATO’s eastern flank that are actively providing political, humanitarian, or military support Ukraine.”
To fend off the attacks, Microsoft’s report includes information on how the suspected Russian hackers are operating. The tactics include using spear-phishing emails loaded with malware, exploiting vulnerabilities in “public-facing applications” and stealing passwords.