Law360 (April 27, 2022, 9:36 PM EDT) — Hacking groups backed by the Kremlin have launched close to 40 destructive cyberattacks on Ukraine’s government and critical infrastructure since Russia’s invasion of the country, and began setting the stage for their intrusions as early as March 2021, Microsoft Corp. said Wednesday.
The software giant’s Digital Security Unit also attributed a series of data-wiping malware attacks discovered on Ukrainian computer networks the day before Russia’s February invasion to a hacking group known as Sandworm that has long been linked to Russian intelligence services.
Russia-backed attackers targeted “hundreds of systems in Ukrainian government, IT, energy, and financial organizations” hours before Russia began its physical invasion, in attempts to destabilize Ukraine authorities and confuse the Ukrainian public, Microsoft’s report says.
“The attacks have not only degraded the systems of institutions in Ukraine, but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” wrote Microsoft vice president Tom Burt in a blog post summing up the report’s findings.
In total, at least six separate Russia-aligned nation-state actors have launched more than 237 operations against Ukraine since the start of the conflict — including nearly 40 of what the company called “destructive attacks that are ongoing and threaten civilian welfare.”
In several cases, Russian actors launched cyberattacks in what appears to be strategically timed efforts to hit targets of its physical warfare, Microsoft’s report found. On March 1, for example, a Russian hacking group attacked