The world should be prepared for several lines of Russian digital attack this winter, Microsoft’s Clint Watts, General Manager of the company’s Digital Threat Analysis Center, warns in a blog post: a cyber offensive against Ukrainian infrastructure; ransomware attacks targeting countries and companies supporting Ukraine; and cyber-enabled operations that target Europe to exploit cracks in popular support for Ukraine.
“In recent months, cyber threat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water, and other critical infrastructure organizations’ networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country.”
“Russian military operators also expanded destructive cyber activity outside Ukraine to Poland, a critical logistics hub, in a possible attempt to disrupt the movement of weapons and supplies to the front.”
“Meanwhile, Russian propaganda seeks to amplify the intensity of popular dissent over energy and inflation across Europe by boosting select narratives online through state-affiliated media outlets and social media accounts to undermine elected officials and democratic institutions. To date these have had only limited public impact, but they foreshadow what may become broadening tactics during the winter ahead.”
He writes that Russian military intelligence actors’ recent execution of a ransomware-style attack—known as Prestige—in Poland may be a harbinger of Russia further extending cyberattacks beyond the borders of Ukraine.
“Such cyber operations may target those countries and companies that are providing Ukraine with vital supply chains of aid and weaponry this winter.”
Watts says recent missile strikes against energy and transportation have been accompanied by cyberattacks on the same sectors, perpetrated by a threat group—known at Microsoft by the element name IRIDIUM and by others as Sandworm—associated with Russia’s military intelligence service, the GRU.
“The repeated temporal, sectoral, and geographic association of these cyberattacks by Russian military intelligence with corresponding military kinetic attacks indicate a shared set of operational priorities and provides strong circumstantial evidence that the efforts are coordinated.”
“Microsoft’s research of IRIDIUM shows a history of destructive attacks against Ukraine’s critical energy infrastructure that dates back nearly a decade.”
Recent attacks in Poland suggest that Russian state-sponsored cyberattacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains, Watts writes.
This attack highlights the continued risk of Russian destructive cyberattacks to European organizations which directly supply or transport humanitarian and military assistance to Ukraine.
“Protests in Europe this fall related to energy, inflation, and the war in Ukraine broadly—and their steady promotion by Russian propaganda outlets—foreshadow additional operations we may encounter this winter in support of Russian objectives by seeking to increase European dissatisfaction with energy supply, energy pricing, and inflation.”
“If energy and electricity disruptions in Ukraine lead to more refugees throughout Europe, Russian cyber-enabled influence operations may seek to increase frictions over migration to create intra- and inter-country conflicts—a theme visible in the Kremlin’s campaigns over the last decade as refugees fled to Eastern and Central Europe during the Syrian Civil War.”
“In the coming months, European nations will likely be subjected to a range of influence techniques tailored to their populations’ concerns about energy prices and inflation more broadly. Russia has and will likely continue to focus these campaigns on Germany, a country critical for maintaining Europe’s unity and home to a large Russian diaspora, seeking to nudge popular and elite consensus toward a path favourable to the Kremlin.”