Image: Igor Dernovoy, The Record

‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter

Microsoft has warned that “the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter,” referencing both destructive cyber operations and those designed to exacerbate social tensions.

The company said Russia’s military cyber operations have now expanded beyond Ukraine to hit Poland, referencing the ‘Prestige’ ransomware attacks which recently targeted the country’s transport and logistics sector. Microsoft last month attributed these attacks to the Iridium hacking group associated with the GRU, Russia’s military intelligence agency.

The Prestige ransomware attacks were the first cyber operations to affect entities outside of Ukraine since the Viasat hack at the start of the invasion in February, Microsoft said. While their destructive impact was limited — hitting less than 20% of one targeted organization’s network, according to Microsoft — the group “almost certainly collected intelligence on supply routes and logistics operations that could facilitate future attacks.”

The tech giant said that it was perhaps because the impact of the attack had been limited by defenders that “international outcry against this new extension of the hybrid war beyond the borders of Ukraine has been muted.”

But they may still be “a harbinger of Russia further extending cyberattacks beyond the borders of Ukraine,” said Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center, warning such operations “may target those countries and companies that are providing Ukraine with vital supply chains of aid and weaponry this winter.”

Last week the cybersecurity company ESET said that Sandworm, another GRU-linked hacking group closely associated with Iridium, may be behind another wave of ransomware attacks in Ukraine, although the company hadn’t detected it being deployed elsewhere.

Russia has used a wide array of wipers and ransomware in its cyberattacks on Ukraine. Microsoft said that of “the roughly 50 Ukrainian organizations that Russian military operators have hit with destructive wiper malware since February 2022, 55% were critical infrastructure organizations, including in the energy, transportation, water, law enforcement and emergency services, and health care sectors.”

Microsoft noted that just as Russian missile strikes have “cut power to more than 10 million Ukrainians and left up to 80% of Kyiv’s population without running water,” there have been associated cyberattacks, indicating “a shared set of operations priorities” and providing circumstantial evidence that the kinetic and cyber operations are coordinated.

Germany consuming most Russian propaganda in Europe

Microsoft also warned of a significant threat from cyber-enabled influence operations which Russia could deploy “in parallel with cyber threat activity” to provoke social tensions in Europe and undermine the popular support for Ukraine which has empowered the country to defend itself against invasion.

Energy shortages and inflation in Europe are likely to be the main targets of Russian efforts to “stir up and potentially mobilize grievances,” said Microsoft, warning that a large proportion of these operations will be directed at Germany.

The company said its AI for Good Lab has created a Russian Propaganda Index (RPI) “to monitor the consumption of news from Russian state-controlled and -sponsored news outlets and amplifiers.” It found that people in Germany are reading and watching far more Russian propaganda than other parts of Western Europe — over three times the regional average. 

Microsoft suggests this might in part be due to Germany having one of the largest Russian diaspora populations in Europe — nearly six million people — and in part due to decades of Russian investment in soft power and public diplomacy in the country.

It said that “strong connections between Kremlin-affiliated ideologues and Germany’s far right will likely be leveraged” in narratives criticizing the government’s handling of the energy crisis and the war in Ukraine.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.