03 June 2022

UP IN THE MICROSOFT CLOUD: Spy vs Spy in World's Cyber Espionage 'Hybrid-War'

Hmmm. This report by Jenna McLaughlin about the U.S. Cyber Command states it's an effort to expose Russian aggression. OK, but both sides are deeply involved    
The so-called "world's first hybrid-cyberwar" in Ukraine hasn't always been front and center of news coverage, but it's one of the things that might most directly impact the West. . .
=========================================================================
Maxi Priest It All Comes Back To Love Sticker - Maxi Priest It All Comes Back To Love Reggae StickersBLOGGER NOTE: Hybrid wars and cyber warfare have been front and center - and in the archives - on this blog for many months. Please use the Searchbox on right-hand margin >>>>>
=========================================================================
Even as the U.S. government is a key ally to Ukrainian defenders, the private sector might have a more complete picture of what's going on at any given time, because of their access to the digital systems in Russian hackers' crosshairs.
The relationship between the U.S. private sector and Ukraine has only deepened as the war drags on into its third month.
During an interview with NPR in Seattle last week, Microsoft head of customer security and trust Tom Burt detailed what his team has been seeing throughout the war, beginning a couple months prior to the official start of the physical invasion.
 
National

A digital conflict between Russia and Ukraine rages on behind the scenes of war

 
< SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a senior U.S. intelligence official told British outlet Sky News that the U.S. is running offensive cyber operations in support of Ukraine.

"My job is to provide a series of options to the secretary of defense and the president, and so that's what I do," said Gen. Paul Nakasone, the head of the National Security Agency, who also serves as the chief of the Pentagon's digital branch, the U.S Cyber Command.

While he did not give any further detail, it was the first time the spy chief alluded to the U.S. government's efforts to launch counterattacks against Russia in cyberspace, in addition to helping defend Ukrainian agencies. . .

The buildup

In January, according to Tom Burt - Microsoft head of customer security and trust - Microsoft witnessed several "destructive attacks against a number of Ukrainian government agencies." This was the first time Microsoft and others observed what's become a major feature of Russia's digital strategy during the war — using wiper malware designed to destroy data within Ukrainian agencies. . ."That's the experimental zone for Russian cyberattacks," he said.

Before publicly revealing what Microsoft had seen and attributing those attacks to Russia, Burt said he reached out to U.S. and Ukrainian government partners, to make sure Microsoft didn't "disrupt what might be very delicate conversations that were happening at the time."

However, Burt said, both governments gave the green light — just one example of how public officials have been more open about disclosing sensitive information during the war in an effort to expose Russian aggression.

It became obvious to Burt that an invasion was imminent on February 23, a day before Putin announced the "special military operation," he said. "So it's commonly believed that the invasion of Ukraine started on February 24th. But from our viewpoint, it really started on February 23rd, about 10 hours before the missiles were launched and the tanks rolled across the border," said Burt. "There was a huge wiper attack across 300 different systems in government agencies and private sector companies in Ukraine."

According to Burt, at the beginning of the invasion, Microsoft only really had a pinhole view into what was happening in Ukraine. While some Ukrainian companies and agencies were using Microsoft products, where the company is routinely looking for threats, very few were using the cloud, where Microsoft has the most insights.

cloud-data

Before the war, there was actually a law that prevented Ukranian agencies from using the cloud. That position was reversed on March 16, when the Ministry of Digital Transformation announced that state authorities are now allowed to store data using cloud services. According to Burt, Microsoft has been helping these agencies make the transition, and has become more able to detect threats as a result. . .

The cyber and the physical

In the first days of the invasion, both the Russian military and hackers were targeting Ukrainian media and communications...There have also been combined cyberattacks and physical assaults on energy and IT infrastructure, from nuclear power plants to tech companies, Burt said. More recently, Burt told NPR, Microsoft has seen Russia targeting Ukrainian railways with both cyberattacks and missiles. In this phase of the invasion, there's an effort to disrupt Ukraine's ability to resupply and move vital goods around the country.

..."And so we see, again, of course, sponsoring both the cyberattack and the kinetic attack in in support of what is clearly a hybrid war where the Russians are using all those resources in combination," Burt said.

[.   ] Working with Ukrainians on the front lines

On the ground in Ukraine, Ukrainian cybersecurity officials face a constant barrage. On Tuesday, Ukrainian mobile communications operations in the south in Kherson reported communication outages, which they linked to Russia. . .It's a constant struggle.

While Ukrainian officials were able to get communications back online by routing internet traffic through a Russian internet provider, according to Net Blocks, an organization that tracks internet disruptions, that opens those communications up to even further surveillance and disruption by Russia.

. . .

Burt recalled one instance where his team was trying to alert one Ukrainian company to a possible cyberattack, when they received a message back that the company couldn't respond because the building was surrounded by Russian tanks.

"If you are Ukrainian, this has been a relentless, unending cyber war that has been launched in correspondence with the physical war in what is clearly the world's first major hybrid war," said Burt."

 

 

 

No comments: