Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Microsoft Warns of Growing Russian Digital Threats to Europe

Russia May Target Supply Chain Operations and Boost Influence Operations
Ukrainian troops training with artillery in 2018 (Image: Ministry of Defense of Ukraine/CC BY-SA 2.0).

An October ransomware attack by a Russian military intelligence threat actor on transportation and related logistics industries in Poland may be an indication of the Kremlin's intent to pursue its Ukrainian offensive in European cyberspace, computing giant Microsoft warns.


Russia already pursues a strategy of digitally enabled disinformation in Europe - it's particularly effective in Central European countries, including Germany, and that's likely to intensify in the coming months, the company wrote in a Saturday alert.

"The world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter," wrote Clint Watts, general manager of Microsoft's Digital Threat Analysis Center.

Microsoft earlier this fall attributed a novel ransomware campaign active in Ukraine and Poland to the same Kremlin threat actor responsible for NotPetya malware and for wintertime cyberattacks against Ukrainian electricity providers in 2015 and 2016. Associated with Russia's GRU military intelligence agency, the threat actor most often is known by the moniker Sandworm, although Microsoft tracks it as Iridium.

Recent activity by Sandworm shows it mirroring Moscow's increased readiness to target Ukrainian critical infrastructure in the wake of military defeats that forced retreats from previously occupied territory. Ukrainian counteroffensive successes have been matched with a spike in CaddyWiper and FoxBlade wiper malware activity launched against organizations that primarily serve Kyiv and are involved in power generation, water supply and the transportation of people and goods, Microsoft says.

Sandworm's deployment of ransomware Microsoft dubs "Prestige" against Polish targets suggests readiness to disrupt the Ukrainian supply chain even when it reaches into Europe. Prestige had a limited effect, but attackers "almost certainly collected intelligence on supply routes and logistics operations that could facilitate future attacks."

A more deniable way of disrupting European support for Ukraine may be an intensification of disinformation operations, particularly in Germany, Microsoft also assesses. Germany ranks highest among Western European countries in consumption of Russian propaganda, according to metrics kept by Microsoft on consumption of news from Russian state-controlled and state-sponsored news outlets and amplifiers.

A large Russian diaspora combined with a decadeslong government policy of rapprochement with Moscow has created in Germany a sympathetic audience open to propaganda couched in rhetoric about the economy and energy.

Germany is not the only country where Russian influence operations hold sway. Microsoft states that ongoing protests in the Czech Republic calling for the Ukraine-allied, center-right government to step down have promoted Russia's talking points on energy and are repeatedly featured in Russian state-owned and state-affiliated media.


About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



