Microsoft Report: Defending Ukraine: Early Lessons from the Cyber War


On June 22nd, Microsoft published an updated intelligence report, Defending Ukraine: Early Lessons from the Cyber War. This 28-page report was compiled by Microsoft’s threat intelligence and data science teams. 

The data shows that in the last two months the threat landscape has changed. The aggressive cyber-attacks have shifted from just defending Ukraine to other countries. And also outlines five conclusions that the data reveals.

Russian intel agencies have increased hacking activities on the US and its allies. They are focused on government computer networks to gather intelligence.

Signup for the USA Herald exclusive Newsletter

In addition to Ukraine organizations, Russian-state-backed hackers are attacking American organizations. Russian hacking efforts have widened to 42 countries that support Kyiv.  

Since the invasion, the Kremlin has been isolated on the international stage.

They are focusing on governments, weapon vendors, think tanks, and humanitarian groups to gain war information. Russian cyber operatives are looking for strategic information. 

Targets in the Cyber War

“Since the start of the war, the Russian targeting (of Ukraine’s allies) has been successful 29 percent of the time,” Microsoft President and Vice-Chair Brad Smith wrote.

Through the use of artificial intelligence tools, “Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States.” the report says.

Nearly 75% of the cyber-espionage targets were NATO members. And data was stolen in at least 1/4 of the successful network hacks.

At least half of 128 targeted organizations are government agencies. And 12% are nongovernmental agencies. Also attacked are telecommunications, energy, and defense companies. 

 “As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine,” Smith said. 

The United States was the main target. And No. 2 was Poland, which serves as the main conduit for military assistance flowing to Ukraine. In the past two months, Sweden, Finland, Denmark, Norway, and Turkey have seen increased attacks from Russia.

 Microsoft claims that Estonia has not detected any Russian cyber intrusions since Russia invaded Ukraine on Feb. 24. Estonia’s adoption of cloud computing makes it easier for them to detect intruders.

“Significant collective defensive weaknesses remain” among some other European governments, Microsoft said.

Defending Ukraine April 27 Report

On April 27 Microsoft released a report detailing how Russia had stepped up cyber-attacks in what they termed a “hybrid war against Ukraine.” And they also explained what the tech giant was doing to “protect Ukrainian people and organizations. “

At the two-month mark since Russia’s invasion of Ukraine, there had been six separate hacker gangs that were “Russia-aligned nation-state actors” that had launched more than 237 operations against Ukraine.

 Ukraine was the primary target of the early attacks.  And Microsoft claimed that the attacks were “accompanied by broad espionage and intelligence activities.”  And were an attempt to “disrupt people’s access to reliable information and critical life services on which civilians depend.”

At that time attacks aimed at NATO member states were limited. And were mainly disinformation campaigns.