Microsoft report unmasks at least six Russian nation-state actors responsible for cyber-attacks against Ukraine


According to a recent Microsoft analysis, since the invasion began earlier this year, at least six different Russian nation-state entities have conducted destructive cyber-attacks against Ukraine.

Microsoft researchers traced at least 237 “cyber activities” originating in Russia, according to the paper (PDF), which was released yesterday (April 27).

These assaults “have aimed to impair people’s access to trustworthy information and key life services on which citizens rely, as well as shatter faith in the country’s government,” according to Microsoft.

The report comes more than two months after Russian soldiers entered Ukraine, igniting a conflict that has claimed tens of thousands of lives thus far.

Hits on the head

These cyber-attacks, according to Microsoft, are “highly connected and often directly timed” with Russia’s kinetic military actions against civilian services and institutions.

“A Russian actor, for example, initiated cyber-attacks against a major broadcasting business on March 1, the same day the Russian military stated its intention to destroy Ukrainian ‘disinformation’ targets and launched a missile strike against a TV tower in Kyiv,” according to the research.

More than 40% of the destructive attacks targeted organisations in critical infrastructure sectors, where disruption could have significant second-order impacts on the Ukrainian government, military, economy, and citizens.

According to Microsoft, “at least six known or suspected Russian cyber threat organisations, as well as additional unidentified threat actors, are involved in actions ranging from reconnaissance and phishing for initial access to widespread lateral movement, data theft, and data deletion.”


“These players appear to be preparing themselves for continuing compromises and influence on Ukrainian networks for the duration of the crisis and beyond,” according to the report.

GRU unit 74455, nicknamed Sandworm and also known as Iridium, is one of the nation-state entities identified in the report. According to Microsoft, it is responsible for the FoxBlade wiper, CaddyWiper, and Industroyer2 malware. The GRU is Russia's military intelligence agency.
