Russia-backed hacking groups have wrought havoc in Ukrainian governmental and industrial systems and show signs of escalating cyberattacks on other targets, including those outside of the war zone, Microsoft reports.

Hacking groups closely linked to the Russian government have made nearly 40 destructive attacks against hundreds of Ukrainian targets since the start of the invasion, according to a report issued by Microsoft.

The attacks have been largely, but not exclusively, targeted at Ukrainian government institutions, and Microsoft’s report noted that these attacks have had damaging effects on the country’s economy and civilian population, in addition to Ukraine’s government and military.

Operating under the apparent direction of three main groups — the GRU military intelligence service, SVR interior ministry and FSB security service — Russian-backed hackers undertook a huge range of offensive cyberoperations against Ukraine, ranging from phishing campaigns and misinformation to data theft and the destruction of critical systems, Microsoft said.

Energy infrastructure has been a particular target of the hackers, according to Microsoft, which noted that nuclear safety organizations and regional energy providers have been targeted by data theft and system destruction attacks. But the energy sector is far from the only one in the hackers’ sights, as media organizations, logistics providers and even, in one case, an agricultural firm were compromised.

Pace of cyberattacks expected to quicken

Microsoft said that the pace of attacks is likely to quicken as the invasion continues, given Russian President Vladimir Putin’s public insistence that the war “would continue until objectives were achieved.” A blog post accompanying the report said that the scope of Russia’s offensive cyberactivities could even expand as the conflict wears on, noting that there are already indications of retaliatory measures being taken against the numerous countries providing material support to Ukraine.

“The alerts published by CISA and other US government agencies, and cyber-officials in other countries, should be taken seriously and the recommended defensive and resilience measures should be taken – especially by government agencies and critical infrastructure enterprises,” the post said.

Actions to protect against Russian cyberattacks

The report also included a list of recommended steps for governmental and infrastructure IT security workers. Microsoft urged the adoption of multifactor authentication wherever possible, securing any internet-facing system, implementing an in-depth array of antimalware and endpoint detection solutions, and ensuring the availability of audit functionality for key systems.

According to the report, some cyberattacks appeared to have been launched in tandem with real-world Russian attacks in Ukraine, but the exact degree of coordination between the hacking groups and the Russian military is difficult to determine.

“[I]t is unclear if there is coordination, centralized tasking or merely a common set of understood priorities driving the correlation,” the report said.
“At times, computer network attacks immediately preceded a military attack, but those instances have been rare from our perspective.”