Relentless Russian cyberattacks have given way to a hybrid war in Ukraine, a recent Microsoft report finds. “The [cyber]attacks not only degraded the systems of institutions in Ukraine, but have also sought to disrupt people’s access to reliable information and critical life services on which civilian depend, and have attempted to shake confidence in the country’s leadership,” the report says.
Thirty-two percent of the attacks analyzed by Microsoft’s Digital Security Unit targeted national, local, or regional government organizations, and 40 percent targeted infrastructure organizations, impacting the countries’ defense, economy, and civilians.
“The most feared Russian cyberattacks today are those that target critical infrastructure and can damage energy supplies, food, electricity, communications, etc.,” Joseph Humire, an expert on transnational threats in the Western Hemisphere and director of the U.S. Think tank Center for a Free and Secure Society, told Diálogo May 26.
According to Microsoft, Russian cybercriminal groups began pre-positioning for the conflict as early as March 2021, although the Ukrainian Army faced aggression since the first Russian invasion in 2014, “making it difficult to identify an exact time when long-term espionage may have shifted to support invasion preparation,” the April 28 report states.
The U.S. government not only condemned Russia’s cyberattacks against Ukraine, but also offered May 6, through the State Department, a $10-million reward for the identification or location of the leaders of the Conti hacking group, and up to $5 million for information leading to their arrest for attacks on the Costa Rican government, severely hampering government tax and customs processes.
“The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years,” Ned Price, spokesman for the U.S. State Department, said in a May 6 statement. “The FBI estimates that, as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware, with victim payouts exceeding $150 million, making the Conti ransomware variant the costliest strain of ransomware ever documented.”
On April 26, the State Department also offered another reward of up to $10 million for information leading to the capture of six Russian military intelligence officers for their involvement in “a conspiracy that deployed destructive malware […] for the strategic benefit of Russia through unauthorized access to victim computers.”
The State Department referred to the cyberattack launched in June 2017 with the program known as NotPetya, which damaged the computers of “institutions and companies in some 150 countries,” and specifically in hospitals and medical centers, as well as private sector institutions in China, France, Germany, Italy, Poland, Spain, Taiwan, Ukraine, United Kingdom, United States, and Vietnam, among others, BBC News reported. This attack represented losses of up to $1 billion, the State Department said.
These Russian cyberattacks may give way to new conflicts. “Cyberattacks are the fifth dimension of wars […]; many times they can escalate into longer conflicts depending on the type and impact of the attack,” Humire said. “When Russia launched a cyberattack against Estonia in 2007, this led NATO to produce the Tallinn Manual, an academic study on how international law applies to cyber conflicts and cyber warfare.”
“Cyber operations are not only aimed at weakening infrastructure, but also at disinformation campaigns and generating internal sabotage, not strictly related to affecting technological platforms,” Salvadoran cybersecurity expert Mario Orellana told Diálogo. “Sometimes it isn’t convenient for them to know who made the attacks. They are simply generated, and the fault falls on someone else. Let’s not forget that, for Russia, taking responsibility goes against their principles of intelligence operations and sabotage.”