A research report by Microsoft warned on Wednesday that Russian hackers are allegedly preparing a renewed wave of cyberattacks against Ukraine, including a ransomware-style threat to organizations serving supply lines.
In a typical ransomware attack, hackers encrypt the data of an organization they have penetrated and then extort payment from it in exchange for regaining access to that data.
Per the report, prepared by Microsoft’s cybersecurity research and analysis team, the tech giant has observed Russian cyber threat activity since January 2023. The report outlines new discoveries about how Russian hackers have operated during the Ukraine conflict and about their possible future activities.
The analysis points out that they are adjusting to boost their destructive and intelligence-gathering capacity in Ukraine as well as against the civilian and military assets of its partner countries.
According to Clint Watts, general manager for Microsoft’s Digital Threat Analysis Center, Russian threat actors have sought access to government and commercial organizations involved in efforts to support Ukraine in nations throughout the Americas and Europe, especially among Ukraine’s neighbors.
Microsoft’s report found that Sandworm, a particularly sophisticated Russian hacking team, was testing additional ransomware-style capabilities.
The group, which is notorious within the cybersecurity research community, could be using these capabilities for destructive attacks on organizations outside Ukraine that serve key functions in its supply lines.
Microsoft said that, since January 2022, it had discovered even more malicious cyber activity, in which Russian hackers used at least nine different wipers – which simply destroy data – and two types of ransomware variants against over 100 Ukrainian organizations.
These developments have been paired with a growth in activities on the ground as Moscow has been introducing new troops to eastern Ukraine’s battlefield.
Emma Schroeder, associate director of the Atlantic Council’s Cyber Statecraft Initiative, explains that Russia has previously also implemented the tactic of combining kinetic, physical military operations with efforts to disrupt or deny defenders’ ability to coordinate and use cyber-dependent technology.