Skip links
Cyber attacks against Ukraine

Winter cyber attacks against Ukraine

The world should be prepared for several lines of Russian digital attacks this winter, Microsoft’s Clint Watts – General Manager, Digital Threat Analysis Center, warns in a blog post: Cyber offensive against Ukrainian infrastructure; ransomware attacks targeting countries and companies supporting Ukraine; cyber-enabled operations that target Europe to exploit cracks in popular support for Ukraine.

“In recent months, cyber threat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water, and other critical infrastructure organizations’ networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country.” 

“Russian military operators also expanded destructive cyber activity outside Ukraine to Poland, a critical logistics hub, in a possible attempt to disrupt the movement of weapons and supplies to the front.”

Read Also:  Meta's Oversight Board overrules moderation of post about Russia's war in Ukraine

“Meanwhile, Russian propaganda seeks to amplify the intensity of popular dissent over energy and inflation across Europe by boosting select narratives online through state-affiliated media outlets and social media accounts to undermine elected officials and democratic institutions. To date these have had only limited public impact, but they foreshadow what may become broadening tactics during the winter ahead.”

He writes that Russian military intelligence actors’ recent execution of a ransomware-style attack—known as Prestige—in Poland may be a harbinger of Russia further extending cyberattacks beyond the borders of Ukraine. 

“Such cyber operations may target those countries and companies that are providing Ukraine with vital supply chains of aid and weaponry this winter.”

Watts says recent missile strikes against energy and transportation have been accompanied by cyberattacks on the same sectors, perpetrated by a threat group—known at Microsoft by the element name IRIDIUM and by others as Sandworm—associated with Russia’s military intelligence service, the GRU. 

Read Also:  War in Ukraine: documentation of attacks on journalists and media freedom

“The repeated temporal, sectoral, and geographic association of these cyberattacks by Russian military intelligence with corresponding military kinetic attacks indicate a shared set of operational priorities and provides strong circumstantial evidence that the efforts are coordinated.”

“Microsoft’s research of IRIDIUM shows a history of destructive attacks against Ukraine’s critical energy infrastructure that dates back nearly a decade.

Recent attacks in Poland suggest that Russian state-sponsored cyberattacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains, Watts writes.

This attack highlights the continued risk of Russian destructive cyberattacks to European organizations which directly supply or transport humanitarian and military assistance to Ukraine.

Protests in Europe this fall related to energy, inflation, and the war in Ukraine broadly—and their steady promotion by Russian propaganda outlets—foreshadow additional operations we may encounter this winter in support of Russian objectives by seeking to increase European dissatisfaction with energy supply, energy pricing, and inflation.”

“If energy and electricity disruptions in Ukraine lead to more refugees throughout Europe, Russian cyber-enabled influence operations may seek to increase frictions over migration to create intra- and inter-country conflicts—a theme visible in the Kremlin’s campaigns over the last decade as refugees fled to Eastern and Central Europe during the Syrian Civil War.”

In the coming months, European nations will likely be subjected to a range of influence techniques tailored to their populations’ concerns about energy prices and inflation more broadly. Russia has and will likely continue to focus these campaigns on Germany, a country critical for maintaining Europe’s unity and home to a large Russian diaspora, seeking to nudge popular and elite consensus toward a path favourable to the Kremlin.”

Read Also:  Russian cyberattacks targeting media and institutions in Ukraine







Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.