28 April 2022

Microsoft says Russia launched over 230 cyberattacks against Ukraine since beginning of war


Russian state-backed hackers carried out hundreds of cyberattacks against Ukraine that appeared to support Russia’s military operations and online propaganda, Microsoft said in its report detailing Russian cyber operations in Ukraine.

“Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare. The destructive attacks have also been accompanied by broad espionage and intelligence activities,” said Tom Burt, Microsoft's corporate vice president for customer security and trust.

“The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership. We have also observed limited espionage attack activity involving other NATO member states, and some disinformation activity.”

Microsoft said it detected nearly 40 destructive attacks targeting hundreds of systems, 32% of which directly targeted Ukrainian government organizations at the national, regional and city levels.

Over 40% of attacks targeted organizations in critical infrastructure sectors that could have a negative impact on the Ukrainian government, military, economy and civilians.

The Microsoft Threat Intelligence Center (MSTIC) observed cyberattacks orchestrated by threat actors linked to the Russian military intelligence service, including APT28, Sandworm, Gamaredon, EnergeticBear, Turla, DEV-0586, and UNC2452/2652.

The researchers observed multiple malware families deployed in attacks, such as WhisperGate/WhisperKill, FoxBlade (also known as HermeticWiper), SonicVote (HermeticRansom), CaddyWiper, DesertBlade, Industroyer2, Lasainraw (IsaacWiper), and FiberLake (DoubleZero). Three of the malware families (FoxBlade, CaddyWiper, and Industroyer2) were attributed to Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST), otherwise known as the Sandworm hacker group.

This week, the US State Department announced a reward of up to $10 million for information on six Russian military intelligence officers believed to be members of Sandworm.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!
