Moscow’s Sandworm hacking group preparing new cyber assault against Ukraine, says Microsoft report


Washington: Russian hackers appear to be preparing a renewed wave of cyberattacks against Ukraine, including a “ransomware-style” threat to organisations serving Ukraine’s supply lines, a research report by Microsoft said on Wednesday.

The report, authored by the tech giant’s cybersecurity research and analysis team, outlines a series of new discoveries about how Russian hackers have operated during the Ukraine conflict and what may come next.

A screenshot of the Fancy Bears website fancybear.net, one of Russia’s most feared hacking outfits. Credit: AP

“Since January 2023, Microsoft has observed Russian cyber threat activity adjusting to boost destructive and intelligence gathering capacity on Ukraine and its partners’ civilian and military assets,” the report reads. One group “appears to be preparing for a renewed destructive campaign”.

The findings come as Russia has been introducing new troops to the battlefield in eastern Ukraine, according to Western security officials. Ukraine Defence Minister Oleksiy Reznikov last month warned that Russia could accelerate its military activities surrounding the February 24 anniversary of its invasion.

The Russian embassy in Washington did not immediately respond to a request for comment.

Experts say the tactic of combining physical military operations with cyber techniques mirrors prior Russian activity.

“Pairing kinetic attacks with efforts to disrupt or deny defenders’ ability to coordinate and to use cyber-dependent technology is not a new strategic approach,” said Emma Schroeder, associate director of the Atlantic Council’s Cyber Statecraft Initiative.

Microsoft found that a particularly sophisticated Russian hacking team, known within the cybersecurity research community as Sandworm, was testing “additional ransomware-style capabilities that could be used in destructive attacks on organisations outside Ukraine that serve key functions in Ukraine’s supply lines.”


