WASHINGTON — A new examination of how Russia used its cyber capabilities in the first months of the war in Ukraine contains a number of surprises: Moscow carried out more cyberattacks than was perceived at the time to bolster its invasion, but more than two-thirds of them failed. , echoing his poor performance on the physical battlefield.
However, the study, published by Microsoft on Wednesday, suggested that the government of President Vladimir V. Putin was having more success than many expected with its disinformation campaign to establish a pro-Russian narrative of the war, even arguing that The United States was secretly producing biological weapons inside Ukraine.
The report is the latest effort by many groups, including US intelligence agencies, to understand the interaction of brutal physical warfare with parallel, and often coordinated, fighting in cyberspace. He noted that Ukraine was well prepared to defend against cyber attacks, having endured them for many years. That was due, at least in part, to a well-established system of warnings from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine’s most important systems to the cloud, to servers outside of Ukraine. .
Counting Russia’s cyberattacks and disinformation campaigns showed that only 29 percent of attacks breached targeted networks: in Ukraine, the United States, Poland and the Baltic nations. But it points to a more successful ongoing effort to tame information warfare, in which Russia has blamed Washington and Kyiv for starting the conflict now raging in eastern and southern Ukraine.
The war is the first large-scale battle to use traditional and cyber weapons at the same time, and the race is on to explore the never-before-seen dynamic between the two. So far, very little of that dynamic has played out as expected.
Analysts and government officials were initially surprised by the absence of devastating Russian attacks on Ukraine’s power grid and communications systems. In April, President Biden’s national cyber director, Chris Inglis, said that “the question of the moment” was why Russia had not made “a very significant cyber move, at least against NATO and the United States.” He speculated that the Russians thought they were headed for a quick victory in February, but “got distracted” when the war effort hit roadblocks.
The Microsoft report said that Russia had attempted a major cyberattack on February 23, the day before the physical invasion. That attack, which used malware called FoxBlade, was an attempt to use “cleaner” software that wiped out data on government networks. At about the same time, Russia attacked the Viasat satellite communications network, hoping to cripple the Ukrainian military.
“Us I think they were among the first to witness the first shots being fired on February 23,” said Brad Smith, president of Microsoft.
“It has been a series of formidable, intensive and even ferocious attacks, attacks that started with a form of cleaning software, attacks that are actually being coordinated from different parts of the Russian government,” he added Wednesday at a forum at the Ronald Foundation. and the Reagan Presidential Institute in Washington.
But many of the attacks were thwarted, or there was enough redundancy built into Ukrainian networks that the efforts caused little damage. The result, Smith said, is that the attacks have gone unreported.
In many cases, Russia coordinated its use of cyber weapons with conventional attacks, including taking down a nuclear power plant’s computer network before moving in its troops to take control, Smith said. Microsoft officials declined to identify which plant Smith was referring to.
While much of Russia’s cyber activity has been focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that have successfully penetrated a network, Microsoft found, only a quarter of them resulted in data theft.
Outside Ukraine, Russia has concentrated its attacks on the United States, Poland and two would-be NATO members, Sweden and Finland. Other members of the alliance also came under attack, especially when they started supplying Ukraine with more weapons. However, those breaches have been limited to surveillance, indicating that Moscow is trying to prevent NATO nations from directly participating in the fight through cyberattacks, just as it is refraining from physical attacks against those countries.
But Microsoft, other technology companies and government officials have said Russia has coupled such infiltration attempts with a broad effort to spread propaganda around the world.
Microsoft tracked the growth in consumption of Russian propaganda in the United States in the first weeks of the year. It peaked at 82 percent just before the Ukraine invasion on February 24, with 60 to 80 million monthly page views. That figure, Microsoft said, rivaled page views on the largest traditional media sites in the United States.
One example Smith cited was Russian propaganda within Russia that pressures its citizens to get vaccinated, while their English-language messages spread anti-vaccine content.
Microsoft also tracked the rise of Russian propaganda in Canada in the weeks before a convoy of truckers protesting vaccine mandates tried to shut down Ottawa, and that in New Zealand before protests there against public health measures aimed at fight the pandemic.
“It is not a case of consumption following the news; it’s not even a case of a post-news amplification effort,” said Mr. Smith. “But I think it’s fair to say that it’s not just about this amplification that precedes the news, it’s quite possibly trying to create and influence the creation of the news of the day itself.”
Sen. Angus King, an independent from Maine and a member of the Senate Intelligence Committee, noted that while private companies can track Russian efforts to spread disinformation within the United States, US intelligence agencies are limited by laws that prevent them from doing so. spy on American networks.
“There is a loophole, and I think the Russians are aware of that, and it allowed them to exploit a loophole in our system,” said King, who also spoke at the Reagan Institute.
A provision in this year’s defense policy bill being considered by Congress would require the National Security Agency and its military cousin, the United States Cyber Command, to report to Congress every two years on the security election, including efforts by Russia and other foreign powers to influence Americans. .
“Ultimately, the best defense is for our own people to be better consumers of information,” King said. “We have to do a better job of educating people to be better consumers of information. I call it digital literacy. And we have to teach fourth and fifth graders how to tell a fake website from a real website.”