As the second year of the Russian war in Ukraine commences, a detailed survey of the cyberattacks used during the first year of the war, and especially new developments we have observed in recent months, provide hints of what the future of this hybrid war may hold.
Since the start of the war, Russia has deployed at least nine new wiper families and two types of ransomware against more than 100 government and private sector Ukrainian organizations. Strong cyber defense partnerships between the public and private sector, and Ukrainian preparedness and resilience, has successfully defended against most of these attacks, but Russian activity continues.
In 2023, Russia has stepped up its espionage attacks, targeting organizations in at least 17 European nations, mostly government agencies. Wiper attacks continue in Ukraine.
We also continue to monitor for the development and deployment of new ransomware variants. As of late November 2022, Microsoft and other security firms identified a new form of ransomware, called “Sullivan”, deployed against Ukrainian targets, in addition to the “Prestige” ransomware Russia deployed in Ukraine and Poland in October 2022. Our analysis suggests that Russia will continue to conduct espionage attacks against Ukraine and Ukraine’s partners, and destructive attacks within and potentially outside Ukraine as was done with Prestige.