Microsoft Corp. has warned that a group of hackers linked to the Russian military intelligence agency GRU may be preparing for more hacking attacks. ransomware both inside and outside Ukraine.
The report, produced by the tech giant’s cybersecurity research and analysis team, outlines a series of new discoveries about how Russian hackers have operated during the Ukrainian conflict and what may come next.
During 2022, cyber attacks perpetrated by states directed against infrastructures have gone from representing 20% of the total (2021 percentage) to 40%.
According to the Microsoft report, this increase is due in large part to Russia’s goal of damaging Ukrainian infrastructure, as well as “aggressive” Russian spying on Ukraine’s allies, including the United States, by damaging digital infrastructure.
Microsoft calls the group planning the cyberattacks Iridium, but is perhaps better known as sandworm. He has been accused of attacks on Ukraine’s electrical power grid and government agencies, the 2018 Winter Olympics, and businesses around the world. Now, he seems to be getting ready to a destructive campaignthe software company said in a threat intelligence report on Wednesday.
Russian hackers have been accused of bombarding Ukrainian institutions with “cleanup malware” and DDoS Attacks, a campaign that began even before President Vladimir Putin ordered troops to invade Ukraine more than a year ago. However, Ukraine has largely fended off a major cyber war with the help of foreign technology companies, including Microsoft.
The ransomware attack against Polish and Ukrainian transport services in October, attributed to Sandworm, may have been “a test case” for further attacks, according to the report. Microsoft warned that it was a potential precursor to more Russian attacks beyond Ukraine’s borders.
The attack “tested the international community’s ability to attribute spying operations to Moscow” or the reaction of Ukraine’s allies to a destructive attack directed outside of Ukraine through the deployment of ransomware in the transport system of Poland, Microsoft said.
In a February report on cyber threats in Ukraine, Google said Sandworm’s cyber campaigns, which it calls FrozenBarents, “appear designed to further Russian strategic objectives and respond to changes in Russian intelligence requirements during the conflict.” ”.
The group, which is active since 2009targeted a Turkish drone maker, whose systems were used by Ukraine, in the early weeks of the war and targeted sensitive information such as Ukrainian military communications and troop movements, according to Google.
(With information from Bloomberg and Reuters)
Vladimir Putin threatened countries that support Ukraine with “quick strikes” using “weapons that no one else can boast of”
Vladimir Putin announced that Russia tested the Sarmat intercontinental ballistic missile: “It will make enemies think twice”
Ukraine takes the war behind enemy lines with the help of hackers and partisans