WASHINGTON. A new study of how Russia used its cyber capabilities in the early months of the war in Ukraine contains a number of surprises: Moscow carried out more cyber attacks than thought at the time to support its invasion, but more than two-thirds of them failed. , echoing his poor performance on the physical battlefield.
However, the study published by Microsoft on Wednesdaysuggested that the government of President Vladimir V. Putin has succeeded more than many expected in its disinformation campaign to create a narrative of the war favorable to Russia, including the allegation that the United States was covertly manufacturing biological weapons on Ukrainian soil.
The report is the latest attempt by many groups, including US intelligence agencies, to understand the interplay of brutal physical warfare with parallel—and often coordinated—fighting in cyberspace. it pointed out that Ukraine was well prepared to repel cyberattacks, having survived them for many years. This was partly due to a well-established alert system from private sector companies including Microsoft and Google, and preparations that included migrating most of Ukraine’s most critical systems to the cloud on servers outside of Ukraine.
A report on Russian cyberattacks and disinformation campaigns found that only 29 percent of attacks hit targeted networks — in Ukraine, the US, Poland, and the Baltics. But it points to more successful attempts to dominate the information war, in which Russia has accused Washington and Kyiv of starting the conflict that is now raging in eastern and southern Ukraine.
This war is the first all-out battle where conventional and cyber weapons have been used side by side, and the race continues to explore never-before-seen dynamics between the two. So far, very little of this dynamic has developed as expected.
At first, analysts and government officials were struck by the absence of serious Russian attacks on Ukraine’s power and communications systems. In April, President Biden’s national director of cybersecurity, Chris Inglis, said the “question of the moment” is why Russia hasn’t made a “very significant game in cyberspace, at least against NATO and the United States.” He suggested that the Russians thought they were heading for a quick victory in February, but were “distracted” when the hostilities ran into trouble.
Microsoft’s report says Russia launched a major cyberattack on February 23, the day before the physical intrusion. This malware attack, called FoxBlade, was an attempt to use a “cleaner” program that erased data on government networks. Around the same time, Russia attacked the Viasat satellite communications network, hoping to disable the Ukrainian army.
“We were, I think, among the first to witness the first shots fired on February 23rd,” said Brad Smith, President of Microsoft.
“It was a formidable, intense, even ferocious set of attacks, attacks that started with one form of data cleansing software, attacks that are really coordinated from different parts of the Russian government,” he added Wednesday at the Ronald forum. Presidential Foundation and the Reagan Institute in Washington.
But many attacks were thwarted, or enough redundant funds were built into Ukrainian networks that the effort did little damage. As a result, according to Mr. Smith, attacks are underreported.
June 22, 2022 7:27 pm ET
On numerous occasions, Russia coordinated the use of cyberweapons with conventional attacks, Mr. Smith said, including knocking out the nuclear power plant’s computer network before bringing in its troops to take it over. Microsoft officials declined to specify which plant Mr. Smith was referring to.
While most of Russia’s cyber activity is concentrated in Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Microsoft concluded that of the 29 percent of Russian attacks that successfully penetrated the network, only a quarter resulted in data theft.
Outside of Ukraine, Russia has focused its attacks on the United States, Poland and two contenders for NATO membership, Sweden and Finland. Other members of the alliance were also persecuted, especially when they began to supply Ukraine with more weapons. These violations, however, were limited to surveillance, indicating that Moscow is trying to avoid direct involvement of NATO countries in the fight through cyberattacks, just as it refrains from physical attacks on these countries.
But Microsoft, other tech companies and government officials have said Russia has combined these infiltration attempts with a broad propaganda effort around the world.
Microsoft tracked the rise in consumption of Russian propaganda in the US in the first weeks of the year. It peaked at 82% right before the invasion of Ukraine on February 24, with 60 to 80 million monthly page views. That figure rivals the number of page views on the largest traditional media sites in the United States, Microsoft says.
One example cited by Mr. Smith was Russian propaganda inside Russia pushing its citizens to get vaccinated while its English-language messages were spreading anti-vaccine content.
Microsoft also tracked the rise of Russian propaganda in Canada in the weeks before the trucker convoy protesting the vaccine ban tried to shut down Ottawa, and in New Zealand before protests against public health measures aimed at combating the pandemic.
“This is not a case of consumption after the news; it’s not even about the post-news dissemination efforts,” Mr. Smith said. “But I think it’s fair to say that this is not only an amplification that precedes the news, but quite possibly an attempt to create and influence the creation of the news of the day itself.”
Senator Angus King, an Independent from Maine and a member of the Senate Intelligence Committee, noted that while private companies can monitor Russia’s efforts to spread disinformation inside the United States, US intelligence agencies are limited by laws that prevent them from looking inside American networks.
“There is a gap, and I think the Russians are aware of it, and that allowed them to exploit the gap in our system,” said Mr. King, who also spoke at the Reagan Institute.
A provision in this year’s defense policy bill being considered by Congress requires the National Security Agency and its military cousin, US Cyber Command, to report every two years to Congress on election security, including efforts by Russia and other foreign powers to influence Americans. .
“Ultimately, the best protection for our people is a more efficient consumption of information,” Mr. King said. “We need to better educate people to be better consumers of information. I call it digital literacy. And we should be teaching kids in fourth and fifth grade how to tell a fake website from a real one.”