WASHINGTON — A new investigation into how Russia used its cyber capabilities in the early months of the war in Ukraine holds some surprises: Moscow carried out more cyber attacks than was realized at the time to bolster its invasion, but more than two-thirds of them failed, in imitation of the poor performance on the physical battlefield.
However, the study, published by Microsoft on Wednesday, suggested that President Vladimir V. Putin’s administration succeeded more than many expected with its disinformation campaign to build a Russia-beneficial narrative about the war, including the argument. that the United States secretly produced biological weapons in Ukraine.
The report is the latest effort by many groups, including US intelligence, to understand how brutal physical war interacts with parallel — and often coordinated — struggles in cyberspace. It indicated that Ukraine was well prepared to fend off cyber-attacks, after enduring them for many years. That was, at least in part, thanks to a well-established system of alerts from private sector companies, including Microsoft and Google, and preparations, including moving much of Ukraine’s core systems to the cloud, to servers outside. Ukraine.
The report of Russia’s cyber-attacks and disinformation campaigns found that only 29 percent of the attacks broke the targeted networks – in Ukraine, the United States, Poland and the Baltic States. But it points to a more successful attempt to dominate the information war, in which Russia has blamed Washington and Kiev for the start of the conflict now raging in eastern and southern Ukraine.
The war is the first large-scale battle in which traditional and cyber weapons have been used side by side, and the race has begun to explore the never-before-seen dynamics between the two. So far, little of those dynamics has developed as expected.
Initially, analysts and government officials were struck by the absence of crippling Russian attacks on Ukraine’s power grid and communications systems. In April, Chris Inglis, President Biden’s national cyber director, said “the question of the moment” was why Russia had “not launched a very significant cyber attack, at least against NATO and the United States”. He speculated that the Russians thought they were headed for a quick victory in February, but “were distracted” when the war effort ran into obstacles.
The Microsoft report said that on February 23, the day before the physical invasion, Russia attempted a major cyber attack. That attack, using malware called FoxBlade, was an attempt to use “eraser” software that wipes data on government networks. At about the same time, Russia attacked the Viasat satellite communications network, hoping to cripple the Ukrainian military.
“We were, I think, one of the first to witness the first shots fired on February 23,” said Brad Smith, Microsoft’s president.
“It has been a formidable, intensive, even relentless series of attacks, attacks that started with one form of wiper software, attacks that are really coordinated by different parts of the Russian government,” he added at a forum on Wednesday. the Ronald Reagan Presidential Foundation and Institute in Washington.
But many of the attacks were thwarted, or there was enough redundancy built into Ukraine’s networks that the efforts did little damage. As a result, Mr Smith said, the attacks have been under-reported.
In many cases, Russia coordinated its use of cyberweapons with conventional attacks, including shutting down a nuclear power plant’s computer network before deploying its troops to take it over, Mr Smith said. Microsoft officials declined to identify which factory Mr. Smith was referring to.
While much of Russia’s cyber activity has focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that successfully penetrated a network, Microsoft concluded, only a quarter resulted in data theft.
Outside of Ukraine, Russia has concentrated its attacks on the United States, Poland and two aspiring NATO members, Sweden and Finland. Other alliance members were also targeted, especially as they began to supply Ukraine with more weapons. Those breaches, however, were limited to surveillance — indicating that Moscow is trying to prevent NATO countries from being directly involved in the fight through cyber-attacks, just as it refrains from physical attacks on those countries.
But Microsoft, other tech companies and government officials have said Russia has combined these infiltration attempts with a wide-ranging effort to spread propaganda around the world.
Microsoft tracked the growth of Russian propaganda consumption in the United States in the early weeks of the year. It peaked at 82 percent just before the invasion of Ukraine on February 24, with 60 million to 80 million page views monthly. That figure, Microsoft said, rivaled page views on the largest traditional media sites in the United States.
One example Mr Smith cited was Russian propaganda in Russia urging its citizens to get vaccinated, while English-language posts spread anti-vaccination content.
Microsoft also tracked the surge in Russian propaganda in Canada in the weeks before a truck convoy protesting vaccine mandates attempted to shut down Ottawa, and that in New Zealand before protests there against public health measures designed to fight the pandemic.
“It’s not a matter of following consumption on the news; it’s not even a matter of trying to get reinforcements after the news,” said Mr. Smith. “But I think it’s fair to say that it’s not just a case of this amplification that precedes the news, but it’s entirely possible to make and influence the creation of the news on the day itself. “
Senator Angus King, independent from Maine and a member of the Senate Intelligence Committee, noted that while private companies can monitor Russian efforts to spread disinformation in the United States, U.S. intelligence agencies are limited by laws that prevent them from entering U.S. networks. peek.
“There’s a gap, and I think the Russians are aware of that, and it allowed them to exploit a gap in our system,” said Mr. King, who also spoke at the Reagan Institute.
A provision in the defense policy bill being considered by Congress this year would require the National Security Agency and its military cousin, United States Cyber Command, to report to Congress every two years on electoral security, including efforts by Russia and others. foreign powers to influence Americans.
“Ultimately, the best defense for our own people is to be better consumers of information,” said Mr. King. “We need to better educate people to become better consumers of information. I call it digital literacy. And we need to teach kids in the fourth and fifth grade how to tell a fake website from a real one.”