As Russia’s war on Ukraine stretches on, Microsoft is closely monitoring the situation to gather relevant threat intelligence. We then use this visibility to share information across our customer base and the broader security ecosystem to help increase global awareness and enhance collective cyber defenses.
Russian cyber and influence operators have demonstrated adaptability throughout the conflict, constantly testing new ways to gain battlefield advantage and strain Kyiv’s domestic and external resources. Recently, we’ve entered a new phase of the war in which Russia is regaining its operational footing and preparing to seize on war fatigue by engaging audiences with digital media and video propaganda.
Keep reading to learn more about the cyber threat and malign influence activity that Microsoft observed between March and October 2023, and what this information could mean for the broader security community.
Russia doubles down on cyber and influence operations
Throughout the war, Russia has continuously targeted military and civilian populations with a variety of propaganda designed to weaken Kyiv’s resolve and exacerbate local divisions over the conflict.
Much of this propaganda is spread through influence operations, which often use digital channels, like social media, to amplify on-the-ground provocations or coordinated propaganda. These campaigns seek to erode trust, increase polarization, and threaten democratic processes. From March to October, Microsoft observed Moscow’s influence efforts use novel tactics on social media to reach wider audiences.
On the cyber front, Microsoft observed threat actors affiliated with Russian military intelligence (GRU) lean into cyberespionage operations against the Ukrainian military and its foreign supply lines. For example, Microsoft Threat Intelligence connected Seashell Blizzard (formerly IRIDIUM) to potential phishing lures and packages that appeared tailored to target a major component of Ukrainian military communications infrastructure.
Additionally, groups linked to Russia’s Foreign Intelligence (SVR) and Federal Security (FSB) services have been seen targeting war crimes investigators within and outside of Ukraine. SVR actors Midnight Blizzard (formerly NOBELIUM) compromised and accessed the documents of a legal organization with global responsibilities in June and July 2023 before Microsoft Incident Response intervened to remediate the intrusion. This activity was part of a more aggressive push by this actor to breach diplomatic, defense, public policy, and IT sector organizations worldwide.
On the influence front, the brief June 2023 rebellion and later death of Yevgeny Prigozhin raised questions about the future of Russia’s influence capabilities. Throughout this summer, Microsoft observed widespread operations by organizations that were not connected to Prigozhin, illustrating Russia’s future of malign influence campaigns without him.
More recently, Russian state media and state-aligned influence actors have sought to exploit the Israel-Hamas war to promote anti-Ukraine narratives, anti-US sentiment, and exacerbate tension among all parties. We believe that Russia is capitalizing on this conflict as a way to distract the West from the war in Ukraine. Based on previous tactics and historical threat intelligence, Microsoft assesses that Russian influence actors will continue seeding online propaganda and leveraging other major international events to provoke tension and diminish Ukrainian support.
Looking ahead: How the Russia-Ukraine war could impact global security communities
Russian fighters are moving to a new stage of static, trench warfare, according to Ukraine’s military chief, suggesting an even more protracted conflict. If Kyiv is to continue resisting the invasion, it will require a steady supply of weapons and worldwide support. As part of this renewed warfare, we are likely to see Russian cyber and influence operators intensify efforts to demoralize the Ukrainian population and degrade Kyiv’s external sources of military and financial assistance.
One vulnerability that Russian threat actors may target is the upcoming US presidential election and other major political contests in 2024. We believe Russian influence actors will seize on this opportunity to turn the political tide away from elected officials who champion support for Ukraine, perhaps by using a mix of video media and AI-enabled content.
Microsoft is working across multiple fronts to protect our customers in Ukraine and worldwide from these multi-faceted threats. Under our Secure Future Initiative, we are integrating advances in AI-driven cyber defense and secure software engineering, with efforts to fortify international norms to protect civilians from cyber threats. We are also deploying resources along with a core set of principles to safeguard voters, candidates, campaigns, and election authorities worldwide, as more than two billion people prepare to engage in the democratic process over the next year.
In addition to updating our security products to proactively defend our customers worldwide, we believe that sharing this information is critical in encouraging continued vigilance against threats to the integrity of the global information space. For more information on the latest global threat intelligence and other emergent cyber threats, visit Microsoft Security Insider.