WASHINGTON — A new examination of how Russia used its cyber capabilities during the first months of the war in Ukraine contains a number of surprises: Moscow carried out more cyberattacks than was realized at the time to strengthen his invasion, but more than two-thirds of them failed, echoing his poor performance on the physical battlefield.
However, the study, published by Microsoft on Wednesday, suggested that President Vladimir V. Putin’s government was doing more than many expected with its disinformation campaign to establish a pro-Russian narrative of the war, including by arguing that the United States was secretly producing biological weapons inside Ukraine.
The report is the latest effort by many groups, including US intelligence agencies, to understand the interplay of brutal physical warfare with a parallel – and often coordinated – struggle in cyberspace. He said Ukraine was well prepared to repel cyberattacks, having endured them for many years. This was due at least in part to a well-established system of warnings from private sector companies, including Microsoft and Google, and preparations that included moving many of Ukraine’s most important systems to the cloud, on servers outside Ukraine.
The narrative of Russia’s cyberattacks and disinformation campaigns showed that only 29% of attacks broke through targeted networks – in Ukraine, the United States, Poland and the Baltics. But it points to a more successful ongoing effort to dominate the information war, in which Russia has blamed Washington and Kyiv for starting the conflict now raging in eastern and southern Ukraine.
The war is the first large-scale battle in which traditional and cyber weapons have been used side by side, and the race is on to explore the unprecedented dynamics between the two. So far, very little of this momentum has developed as expected.
Initially, analysts and government officials were struck by the lack of crippling Russian attacks on Ukraine’s power grid and communications systems. In April, President Biden’s National Cyber Director, Chris Inglis, said “the question of the moment” was why Russia hadn’t made “a very big cyber play, at least against NATO and the states.” -United”. He speculated that the Russians thought they were headed for a quick victory in February, but “became distracted” when the war effort ran into obstacles.
Microsoft’s report says Russia attempted a major cyberattack on February 23, the day before the physical invasion. This attack, using malware called FoxBlade, was an attempt to use “cleaner” software that erased data on government networks. Around the same time, Russia attacked the Viasat satellite communications network, hoping to cripple the Ukrainian military.
“We were, I believe, among the first to witness the first shots being fired on February 23,” said Microsoft President Brad Smith.
“It’s been a series of formidable, intensive, even ferocious attacks, attacks that started with some form of erasure software, attacks that are really coordinated by different parts of the Russian government,” he added. Wednesday during a forum at the Ronald. Reagan Presidential Foundation and Institute in Washington.
But many attacks were thwarted, or there was enough redundancy built into Ukrainian networks that the efforts did little damage. The result, Mr Smith said, is that the attacks have been underreported.
In many cases, Russia has coordinated its use of cyberweapons with conventional attacks, including taking down a nuclear power plant’s computer network before moving its troops to take it over, Smith said. Microsoft officials declined to identify which factory Mr. Smith was referring to.
While much of the Russian cyber activity has focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29% of Russian attacks that successfully penetrated a network, Microsoft concluded, only a quarter resulted in data theft.
Outside of Ukraine, Russia has focused its attacks on the United States, Poland and two would-be NATO members, Sweden and Finland. Other members of the alliance were also targeted, especially as they began supplying more weapons to Ukraine. These violations, however, have been limited to surveillance – indicating that Moscow is trying to avoid bringing NATO countries directly into the fight through cyberattacks, just as it refrains from physically attacking. those countries.
But Microsoft, other tech companies and government officials said Russia linked the infiltration attempts to a massive propaganda effort around the world.
Microsoft tracked the growth in consumption of Russian propaganda in the United States during the first weeks of the year. It peaked at 82% just before the invasion of Ukraine on February 24, with 60 to 80 million page views per month. That number, Microsoft said, rivaled pageviews on the largest traditional media sites in the United States.
One example cited by Mr Smith was that of Russian propaganda inside Russia pushing its citizens to get vaccinated, while his English-language posts carried anti-vaccine content.
Microsoft also tracked the rise of Russian propaganda in Canada in the weeks before a convoy of truckers protesting vaccination mandates attempted to shut down Ottawa, and that in New Zealand ahead of protests against public health measures. intended to fight the pandemic.
“It’s not about consumption following the news; it’s not even a post-news amplification effort,” Smith said. “But I think it’s fair to say that it’s not just about this amplification preceding the news, but most likely trying to make and influence the making of the news of the day itself.”
Senator Angus King, an independent from Maine and a member of the Senate Intelligence Committee, noted that while private companies can follow Russian efforts to spread disinformation in the United States, American intelligence agencies are limited by laws that limit them. prevent us from scrutinizing American networks.
“There is a loophole, and I think the Russians are aware of that, and it allowed them to exploit an opening in our system,” said King, who also spoke at the Reagan Institute.
A provision in this year’s defense policy bill being considered by Congress would require the National Security Agency and its military cousin, the United States Cyber Command, to report to Congress every the two years on election security, including efforts by Russia and other foreign powers to influence Americans. .
“At the end of the day, the best defense is that our own employees are better consumers of information,” King said. “We need to educate people better so that they become better consumers of information. I call it digital literacy. And we need to teach fourth and fifth graders to tell a fake website from a real website.