Microsoft’s latest intelligence report highlights lessons learned from early Russian cyberattacks against Ukraine

Kareem Anderson

Russia - Ukraine Cyberwarfare

As Russia continues to invade Ukraine, Microsoft is taking some early lessons from its initial cyber defense assistance to Ukraine and sharing its insights with the public at large.

In a post to the Microsoft on the Issues blog, company president and vice chair Brad Smith opines on recurring themes of warfare and how the war in Ukraine follows a similar yet updated parallel to other historical battles.

Smith’s analogous conclusion lays bare Russia’s efforts to preemptively shutter vital Ukrainian defenses. He also explores Microsoft’s efforts to assist in the defense of technological targets, and a tentative strategy Microsoft is suggesting to help harden businesses, institutions, governments and nations against future cyber-attacks.

The war in Ukraine follows this pattern. The Russian military poured across the Ukrainian border on February 24, 2022, with a combination of troops, tanks, aircraft, and cruise missiles. But the first shots were in fact fired hours before when the calendar still said February 23. They involved a cyberweapon called “Foxblade” that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.

Smith breaks down the three-part strategy Microsoft observed during its early defense assistance of Ukraine as follows: “destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

To defend against similarly coordinated efforts, Microsoft has concluded that, at the bare minimum, the following five tenets of a better defense against cyber warfare should be noted.

  1. First, defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.
  2. Second, recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
  3. Third, as a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
  4. Fourth, in coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
    1. Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.
  5. Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

While these are the broad strokes of Smith’s general warning call, he does offer a more comprehensive report titled Defending Ukraine: Early Lessons from the Cyber War that was published today, alongside an in-depth presentation for the Center for Freedom and Democracy.

In both, Smith implores his audience to treat the current cyber warfare efforts caught and highlighted by Microsoft as the impetus for enacting “effective measures that will be vital to the protection of democracy’s future.”