SEATTLE aEUR” A senior U.S. intelligence officer told Sky News on Wednesday that the U.S. was running offensive cyber operations to support Ukraine.
“My job is provide a series options to the secretaryof defense and president, and that’s what my job is,” stated Gen. Paul Nakasone of the National Security Agency. He also serves as chief of the Pentagon’s digital branch, U.S Cyber Command.
Although he didn’t give much more detail, it was the first time that the spy chief mentioned the U.S. government’s efforts to launch cyberattacks against Russia.
Although the so-called cyberwar in Ukraine is not always the main focus of media coverage, it is one of the most important things to impact the West. According to cybersecurity experts, there is still the possibility that U.S. businesses or critical infrastructure could be collateral damage if Russian hackers retaliate.
The U.S. government remains a crucial ally for Ukrainian defenders. However, the private sector may have a better understanding of what’s happening at any particular time due to their access to digital systems under Russian hackers’ eye. As the war drags on, the relationship between the U.S. and Ukraine only gets more complicated.
In an interview with NPR Seattle, Microsoft’s head of customer security & trust, Tom Burt, described what his team has seen throughout the war. This began a few months before the official start of physical invasion.
Burt claims that Microsoft was witness to several “destructive attack” against Ukrainian government agencies in January. Microsoft and others had never before seen what has become a key feature of Russia’s digital strategy in the war aEUR. The wiper malware was designed to destroy data inside Ukrainian agencies. Burt stated that his team was investigating whether the attacks were part of a larger offensive or if they were yet another example where Russia is testing digital attack techniques against Ukraine, something the Kremlin does for many years.
He said, “That’s an experimental zone for Russian cyberattacks.”
Burt stated that he had spoken to U.S. government partners and Ukrainian government partners before revealing the details of Microsoft’s attacks and blaming Russia for them. Burt stated that both governments gave permission for aEUR.” This is just one example of the way public officials were more open to sharing sensitive information during wartime in order to expose Russian aggression.
Burt saw that an invasion was imminent the day after Putin declared his “special military operation” on February 23.
So it is widely believed that the invasion began on February 24, 2014. Burt stated that it actually started on February 23, 10 hours before the missiles and tanks were launched. “There was a massive wiper attack on 300 systems in both government agencies and private companies in Ukraine.
Burt claims that Microsoft had only a narrow view of what was going on in Ukraine at the time of the invasion. Although some Ukrainian agencies and companies were using Microsoft products to look for threats, few were using the cloud where Microsoft has the most insight. The law that prohibited Ukranian agencies from using cloud services existed before the war. On March 16, the Ministry of Digital Transformation declared that all state authorities can now store data via cloud services. Burt claims that Microsoft has helped these agencies transition and has made them more capable of detecting threats.
Burt says that while there are limitations to the cloud, other benefits can be found.
He explained that he had been working with the Ukrainian government agencies to move them all to the cloud, “at least to provide a backup in case they are compromised on site.”
Burt claims that his team noticed a pattern throughout the war: Russian hackers often have the same objectives as the Russian military on ground. Although he could not definitively state that the two groups were cooperating, Microsoft analysts knew immediately that they were following the same playbook.
Invasion began in the early days. Both hackers and the Russian military were targeting communications and media in Ukraine.
They bombed radio towers. They invaded and seized media firms. He said that they also engaged in cyber attacks against media companies.”
Russian hackers launched a series denial-of service attacks on official government websites, financial institutions, causing panic among the public about their ability to access both official information and their bank accounts. In the background, Russian hackers were also targeting Viasat, an European satellite company, and several other satellites throughout Europe. This temporarily disrupted Ukrainian military communications.
Unfortunately, the early, untrained public attacks failed to have long-term consequences. Websites were quickly restored online and people were able to withdraw money without delay. Alternative communication methods were available to the Ukrainian military officials. The attacks caused panic and unease during the initial stages of the invasion.
Burt stated that Microsoft was ultimately able to alert Ukrainian media companies in the initial phases of attacks and help them implement countermeasures.
He concluded that Russia has not succeeded in closing down media communications with Ukrainian citizens.
Burt stated that Microsoft had detected several instances of Russian hackers stealing information on Ukrainian cities in espionage style attacks before launching physical strikes, probably in an attempt to find valuable information for troops.
Burt stated that there have been cyberattacks as well as physical attacks on IT infrastructure and energy, ranging from nuclear power plants and tech companies.
Burt said that Microsoft had seen Russia attack Ukrainian railways using both missiles and cyberattacks. This phase of the invasion aims to stop Ukraine from resupplying and moving vital goods across the country.
Microsoft also noted that Russia is using trauma from their military operations to weaponize it. Microsoft discovered at least one instance in which a Russian actor claimed to be a victim of Mariupol, a city under siege in Ukraine, in order to spread misinformation about the abandonment of Ukrainian officials in an attempt to force citizens to surrender.
Burt stated, “So we see, once again, that sponsoring both cyberattacks and kinetic attacks in support of what’s clearly a hybrid war in which the Russians use all those resources together,”
The constant threat to Ukrainian cybersecurity personnel is constant on the ground in Ukraine. On Tuesday, communication problems were reported by Ukrainian mobile communications operators in Kherson’s south. They linked to Russia.
Representatives from the Ukrainian State Service of Special Communication and Information Protection stated in a statement that “it is not the first attempt at making it impossible for Ukrainian citizens living in temporarily occupied areas of Ukraine to get in touch, call an ambulance, rescuers, and access the truth information on the developments of the war,”
It is a constant battle. Officials from Ukraine were able to restore communications by routing their internet traffic through a Russian internet provider. However, Net Blocks, an organization that monitors internet disruptions, says that this opens up those communications to further Russian surveillance and disruption.
Burt recalls a time when his team tried to alert a Ukrainian company about a possible cyberattack. However, they were sent a message saying that the company could not respond as the building was being surrounded by Russian tanks.
Burt stated, “If you’re Ukrainian, this has been an incessant, unending cyberwar that has been launched to correspond with the physical war in the first major hybrid war in the world.”