Russia's cyberwarfare tactics show it's in for the long haul, Microsoft says
Expect to see a lot more misinformation in 2024, Microsoft claims
The Ukraine war is quickly approaching its second anniversary and Russia shows no sign of slowing its grueling offensives both on land and in cyberspace, new research has claimed.
Russia has been committed to winning propaganda wars at home and on the internet, and at times has resorted to some fairly intuitive means, including Cameo videos from Elijah Wood.
Now, in its Russia Report, Microsoft’s Threat Analysis Center (MTAC) has outlined a number of tactics favored by the Kremlin’s cyber arm.
Civilians bearing the brunt
From the start of its invasion, Russia has treated civilians as legitimate targets, from striking energy infrastructure during the winter of 2022 to the deliberate destruction of agricultural infrastructure this year. Russia hopes to demoralize the Ukrainian population, erode support for Zelensky’s government, and pollute the information space with propaganda.
The Kremlin has a wide range of hacktivist groups supportive of the Russian invasion to do its bidding, with various levels of association with the regime’s Main Intelligence Directorate, known as the GRU. These groups also have connections with known state-sponsored groups such as Seashell Blizzard and Cadet Blizzard.
Among the organizations targeted by Russian groups, war crime investigative organizations have been some of the most popular targets. Targeted specifically to disrupt the gathering of evidence, or to steal information related to witnesses and victims, these organizations have suffered repeated distributed denial-of-service (DDoS) attacks, phishing campaigns and network breaches.
Russian-affiliated cyber groups use a wide range of tactics, techniques and procedures (TTPs), but one method that has seen success is the ShadowLink backdoor malware.
Hackers initially target an organization using a wide variety of means, such as password spraying and phishing campaigns, before establishing a backdoor into the network using pirated Microsoft Office software that carries a hidden backdoor known as DarkCrystalRAT. This backdoor can then be used to install the ShadowLink TOR payload, which establishes masked access to the network and evades firewalls via TOR.
Eroding support abroad
Another favored target of Russian-affiliated cyber groups is Ukraine's allies abroad. Russian groups have routinely pursued misinformation and disinformation campaigns with messaging targeting divisive issues related to Ukraine. MTAC has been closely monitoring the work of a Russian-affiliated influence actor labeled Storm-1099. In recent months, Storm-1099 has leveraged the Israel-Hamas war to produce convincing forged stories claiming that weapons supplied to Ukraine were sold to Hamas to commit its attacks in Israel.
Russian groups also seek to erode US and Israeli opinions of Ukraine, and vice versa, with numerous stories that garnered hundreds of thousands of views, falsely suggesting that Ukrainian assets and manpower are being used by Hamas.
One of the most innovative disinformation campaigns run by the Russian-affiliated groups has been the use of celebrity videos. By leveraging Cameo, a service where fans can pay celebrities for a video usually containing a personalized message, unknown actors requested videos in which celebrities beg “Vladimir” to cease “his” substance abuse and seek professional help.
Video messages from the likes of Elijah Wood, Dean Norris, Kate Flannery and Mike Tyson were then edited to appear as genuine appeals from the actors directly to Volodymyr Zelensky via social media, perpetrating a known Russian disinformation campaign that alleges Zelensky suffers from a substance addiction.
Quantity, not quality
To varying degrees of success, the doctrine of quantity over quality has long been the modus operandi of the Kremlin. MTAC suggests Russia and its affiliated groups will continue to target a breadth of organizations with the intention of disrupting the daily lives of Ukrainian civilians, eroding support abroad, and generating sympathy for Russia’s illegal annexation of Ukrainian territory.
With the upcoming 2024 US presidential election, and many other important elections across Europe, we can expect to see an uptick in malicious campaigns leveraging misinformation surrounding both Ukraine and the Israel-Hamas war, with the intention of eroding support for, and therefore aid to, Ukraine.
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.