Defending Ukraine: Microsoft share conclusions of their cyber-attacks’ defensives against Russian attacks

As Russia continues its attack on Ukraine, Microsoft has taken some of the lessons they have learnt from their cyber attack defensive assistance of Ukraine at the start of the war and have now shared their insights with the world to learn from.

In a recent blog post on Microsoft’s “Microsoft on the Issues” site, Brad Smith, Microsoft VP and Chairman, shared highlights of the re-occurring themes around how the war in Ukraine follows a similar yet updated parallel to other historical battles but with a modern cyber focussed offensive now a huge part of the war-plan.

In this most recent blog, Brad Smith discussed the three-part strategy Microsoft has discovered and observed during their early defense assistance of Ukraine. He calls out “destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

The wider report goes into detail around how Microsoft’s are continuing their efforts in assisting in the defense of technological targets in Ukraine as well as the continuous evolving strategy Microsoft is pushing to further help harden businesses, institutions, governments, and nations against future cyber-attacks.

The Russian military poured across the Ukrainian border on February 24, 2022, with a combination of troops, tanks, aircraft, and cruise missiles. But the first shots were in fact fired hours before when the calendar still said February 23. They involved a cyberweapon called “Foxblade” that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.

Brad Smith | Vice President | Microsoft

Conclusions and how to defend against state nation attacks

Microsoft say that to defend against similar state-nation coordinated attacks you first need to understand the approach, what has worked and what needs to be done to allow other state nations and countries to better protect against cyber warfare. The conclusions of the report (which you can read in depth here), highlights the following:

  1. Defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.
  2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
  3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
  4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts. Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.
  5. Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

The Wider Comprehensive Report

Cyber warfare Ukraine Image

Finally, Brad Smith references the extensive comprehensive report “Defending Ukraine: Early Lessons from the Cyber War” that Microsoft have also recently published which can be read and downloaded here.