WASHINGTON – A new examination of how Russia used its cybercapabilities in the first months of the war in Ukraine contains a number of surprises: Moscow conducted more cyberattacks than it realized at the time of bolster its invasion, but more than two-thirds of them failed. , echoing its poor performance on the physical battlefield.
However, the study, published by Microsoft on Wednesday, suggested that the government of President Vladimir V. Putin was more likely to succeed than its disinformation campaign to establish a narrative favorable to Russia, including the case that made the United States. Ukraine was secretly producing biological weapons inside Ukraine.
The report is the latest effort by many groups, including American intelligence agencies, to understand the interaction of brutal physical war with a parallel – and often coordinated – struggle in cyberspace. It Indicated that Ukraine was well prepared to fend off cyberattacks, having endured them for many years. That was at least in part because of warnings from a well-established system from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine’s most important systems to the cloud, on servers outside Ukraine.
The account of Russia’s cyberattacks and disinformation campaigns showed that only 29 percent of attacks were breached by the targeted networks – Ukraine, the United States, Poland and the Baltic nations. But it points to a more successful effort under way to dominate the information war, in which Russia has blamed Washington and Kyiv for the ongoing conflict that is now raging in Ukraine’s east and south.
The war is the first full-scale battle in which traditional and cyberweapons have been used side by side, and the race is to explore the never-before-seen dynamic between the two. So far, very little of that dynamic has developed as expected.
Initially, analysts and government officials were struck by the absence of crippling Russian attacks on Ukraine’s power grid and communications systems. In April, President Biden’s national cyberdirector, Chris Inglis, said “the question of the moment” was why Russia had not made “a very significant play of cyber, at least against NATO and the United States.” He speculated that the Russians thought they were headed to quick victory in February but were “distracted” when the war effort ran into obstacles.
The Microsoft report said that Russia was investigating a major cyberattacks on Feb. 23, the day before the physical invasion. That attack, using malware called FoxBlade, was an attempt to use “wiper” software that wiped out data on government networks. At roughly the same time, Russia attacked the Viasat satellite communications network, hoping to cripple the Ukrainian military.
“We were, I think, among the first to witness the first shots that were fired on the 23rd of February, “said Brad Smith, president of Microsoft.
“It’s been a formidable, intensive, even ferocious set of attacks, attacks that started with a form of wiper software, attacks that are really being coordinated from different parts of the Russian government,” he added on Wednesday at a forum at Ronald Reagan Presidential Foundation and Institute in Washington.
But many of the attacks were thwarted, or there was enough redundancy built into the Ukrainian networks that did little harm. The result, Mr. Smith said the attacks have been underreported.
In many instances, Russia coordinated its use of cyberweapons with conventional attacks, including taking down the computer network of an nuclear power plant before moving its troops to take it over, Mr. Smith said. Microsoft officials declined to identify which plant Smith was referring to.
While much of Russia’s cyberactivity is focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that have successfully penetrated a network, Microsoft concluded, only a quarter of those being reported stolen.
Outside Ukraine, Russia have concentrated its attacks on the United States, Poland and two aspiring members of NATO, Sweden and Finland. Other alliance members were also targeted, especially as they began to supply Ukraine with more arms. Those breaches, though, have been limited to surveillance – indicating that Moscow is trying to avoid NATO nations directly into the fight through cyberattacks, much as it is refraining from physical attacks on those countries.
But Microsoft, other technology companies and government officials, have said that Russia has paired those infiltration efforts with a broader effort to deliver propaganda around the world.
Microsoft tracked the growth in consumption of Russian propaganda in the United States for the first weeks of the year. It peaked at 82 percent right before the Feb. 24 invasion of Ukraine, with 60 million to 80 million monthly page views. That figure, Microsoft said, rivaled page views on the biggest traditional media sites in the United States.
One example is Mr. Smith cited that Russia was pushing its citizens to get vaccinated inside propaganda, while its English-language messaging spread anti-vaccine content.
Microsoft also tracked the rise in Russian propaganda in Canada the week before a trucker convoy protested vaccine mandates to shut down Ottawa, and protests in New Zealand before there were public health measures meant to fight the pandemic.
“This is not a case of consumption following the news; It is not even a case of an amplification attempt following the news, “Mr. Smith said. “But I think it’s fair to say this is not just a case of amplifying this news, but quite possibly trying to make and influence the creation of the news of the day itself.”
Senator Angus King, Independent of Maine and a member of the Senate Intelligence Committee, noted that while private companies could track Russian efforts to spread disinformation within the United States, American intelligence agencies are limited by laws that prevent them from peering inside American networks.
“There is a gap, and I think the Russians are aware of that, and it enables them to exploit an opening in our system,” said Mr. King, who also spoke at the Reagan Institute.
A provision in this year’s defense policy bill being considered by Congress would require the National Security Agency and its military cousin, the United States Cyber Command, to report to Congress every two years about election security, including efforts by Russia and other foreign powers to influence Americans. General Chat Chat Lounge
“Ultimately, the best defense is for our own people to be better consumers of information,” Mr. King said. “We’ve got to do a better job educating people to be better consumers of information. I call it digital literacy. And we’ve got to teach kids in the fourth and fifth grade how to distinguish a fake website from a real website. “