Russian government hackers carried out multiple cyber operations against Ukraine that appeared to support Moscow’s military attacks and online propaganda campaigns, Microsoft (MSFT.O) said in a report on Wednesday.
The reported intrusions – some of which have not been previously disclosed – suggest that hacking has played a bigger role in the conflict than what has been publicly known.
The digital onslaught, which Microsoft said began one year prior to Russia’s Feb. 24 invasion, may have laid the groundwork for different military missions in the war-torn territory, researchers found.
Between Feb. 23 and April 8, Microsoft said, it observed a total of 37 Russian destructive cyberattacks inside Ukraine.
The Russian Embassy in Washington did not immediately return a message seeking comment.
The findings underscore how modern warfare can combine digital and kinetic strikes, experts said.
“Russian generals and spies have tried to make cyberattacks part of their war effort while they’ve struggled on the battlefield,” said Thomas Rid, a professor of Strategic Studies at the Paul H. Nitze School of Advanced International Studies at Johns Hopkins University.
Microsoft said Russia’s hacking and military operations worked in “tandem against a shared target set.” The tech company said it could not determine whether this correlation was driven by coordinated decision-making or simply because of shared goals.
For example, a timeline published by Microsoft showed that on March 1 – the same day a Russian missile was fired at Kyiv’s TV tower – media companies in the capital were hit by destructive hacks and cyberespionage.
In another case, the company’s cybersecurity research team recorded “suspected Russian actors” lurking on Ukrainian critical infrastructure in the northeast city of Sumy, two weeks before widespread electricity shortages were reported in the area on March 3.
The next day, Microsoft said, Russian hackers broke into a government network in the central Ukrainian city of Vinnytsia. Two days later, missiles leveled the city’s airport.
Victor Zhora, a top Ukrainian cybersecurity official, said on Wednesday that he continues to see Russian cyberattacks on local telecom companies and energy grid operators.
“I believe that they can organize more attacks on these sectors,” Zhora told reporters. “We shouldn’t underestimate Russian hackers but we probably should not over-estimate their potential.”
He thanked Microsoft, the U.S. government and multiple European allies for their cybersecurity support.
Since the start of the war, academics and analysts have said Russia appeared to be less active in the cyber domain against Ukraine than expected. The Microsoft report reveals a flurry of malicious cyber activity, although its impact in most cases has been either unclear or not immediately evident.
Two weeks ago the U.S. government publicly exposed a cyberweapon, known as Pipedream, that was designed to damage industrial control systems. While the tool hasn’t been attributed to Russia, it is viewed as highly dangerous and its discovery coincides with the Ukraine conflict.