Microsoft’s new report on the very loud computer attacks during the Ukraine War highlights how the U.S. has been a target of aggression.
The chart above represents the geographic distribution of customers notified of all nation state threat activity, not just Russian, between July 1, 2020, and June 30, 2021. By June 2021, Ukraine was the second-most impacted country we observed, reflecting 19% of all notifications of nation-state threat activity that we provided to customers during that time, largely due to the ramp up of Russian activity.
When it says “by June 2021”, this is in the context of the Russian invasion of Ukraine starting 24th February 2022 (a year later). Internet-based attacks are linked all the way back to at least March of the prior year.
Cyber attacks may have been long-prepared ahead of time yet also came in secondary or even tertiary waves behind kinetic attempts at damage. For example, Ukrtelecom fought off Russian cyber attacks at the end of March 2022. At the start of that same month, a major communications tower in a civilian area of Kyiv had been fired upon with missiles.
Government and information technology services were flagged as the most targeted during Russia-aligned network intrusions or destructive attacks, although Microsoft did a weird thing by grouping Ukrainian finance, defense, transportation and more into an “Other” category… while listing Internet and defense as separate too.
Microsoft believes only a half-dozen Russian government (e.g. “sponsored”) groups launched more than two hundred attacks against Ukraine. Thirty-seven were classified as destructive; however, fewer than half of those were in a broad category of critical infrastructure.
More than 40% of the destructive attacks were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the government, military, economy, and people. Thirty-two percent of destructive incidents affected Ukrainian government organizations at the national, regional, and city levels.
Microsoft’s report doesn’t mention levels of capability. Elsewhere they’ve said things to the press like Russia “brought all their best actors to focus on this” without providing any real scale to measure against.
Russian attacks have been plagued with incompetence, whether land, sea or air, so it’s hard to tell whether Microsoft is laughing at the technical ability of Russia or trying to be serious about a telco having a one-day 20% drop in service being as bad as it gets.
In other words, when people say things like Ukraine is doing better than expected, it’s probably more accurate to say Russian ability is more overblown than even a Tesla — riddled with fraud and in-fighting, a dumpster fire of the “strong man” myth (e.g. paper bear).