The war between Russia and Ukraine has taken a new turn, with Russian threat actors engaging in cyber espionage and influence operations to diminish support for Ukraine and sow discord among its global allies. According to Microsoft, these actions are an urgent threat to the security of computer networks and civic life within Ukraine’s allies in the region, NATO, and globally.
Microsoft has observed a trio of trends related to Russia’s cyber and influence operations. The first is the deployment of hacktivist personas on Telegram that spread messages aimed at justifying military assaults on civilian infrastructure in Ukraine and that conduct distributed denial-of-service (DDoS) attacks against Ukraine’s allies abroad. These actions align with previous reports from Microsoft that highlighted the suspected connections of these hacktivist groups to Russian military intelligence.
The second trend uncovered by Microsoft is the use of a mix of techniques by Kremlin-affiliated actors to blend in and evade detection. Threat actors have been observed using various methods to gain initial access and establish persistence on targeted networks, including password spraying, social engineering campaigns, and exploitation of perimeter server systems. Additionally, they have integrated HTML smuggling in phishing campaigns to reduce the likelihood of detection by antivirus signatures and email security controls.
Finally, Microsoft assesses that key political contests, such as the upcoming US presidential election in 2024, are likely to be significant targets for Russia-affiliated influence actors. These actors may use video media and AI-enabled content, among other tactics, to influence the political landscape.
In response to these threats, Microsoft is working to protect its customers in Ukraine and worldwide from multifaceted cyber and influence threats. The company is integrating advances in AI-driven cyber defense and secure software engineering, while also deploying resources to safeguard voters, candidates, campaigns, and election authorities worldwide.
Microsoft believes that sharing this information is critical in encouraging continued vigilance against threats to the integrity of the global information space. Coming together as a global cyber community strengthens collective defenses to safeguard democratic norms and protect against cyber threats, and staying on top of these threat trends and sharing information across the broader security ecosystem enhances those defenses against the evolving threats posed by Russian threat actors.

