7 emerging hybrid warfare trends from Russia’s cyber war

Despite the physical and economic devastation Russia’s invasion of Ukraine has wrought, the war continues into a second year with Moscow’s chief cyber and influence operation objectives largely unfulfilled. 

Russia continues using both cyber and influence operations to try to weaken Kyiv’s resolve and diminish support for Ukraine across Europe. Across the continent, Russia-affiliated influence actors have leveraged pro-Russia political figures and parties and promoted localized protests to exacerbate local divisions over the war. 

Russian cyber and influence actors leverage cyber activity, use propaganda to promote Kremlin-aligned narratives within target audiences, and aim to stoke divisions within European populations. Russia’s influence playbook is multi-vectored and includes seven key tactics that merge cyber and information operations:

1. Intensifying computer network operations (CNO): Russia’s CNO activity, which comprises destructive and espionage-focused operations that at times support influence aims, is likely to intensify. Efforts are likely to focus on diplomatic and military-related organizations in NATO member states, on Ukraine’s neighbors, and on private-sector firms directly or indirectly involved in Ukraine’s military supply chain.
2. Weaponizing pacifism: This tactic involves amplifying popular domestic discontent about war costs and stoking fears about World War III across European nations.
3. Mobilizing nationalism: Conversely, Russian influence actors also promote narratives of right-wing populism that allege support for Ukraine benefits the political elite and harms the interests of local populations.
4. Exploiting divisions: Russia remains committed to influence operations that pit NATO member states against one another. Hungary has been a frequent target of such efforts, as have Poland and Germany.
5. Demonizing refugees: This tactic undermines solidarity with Ukraine by playing upon complex historical, ethnic, and cultural grievances.
6. Targeting diaspora communities: Using forgeries and other inauthentic or manipulated material, Russian influence actors have broadly promoted the narrative that European governments cannot be trusted, and that Ukrainians will be forcibly extradited to fight in the war.
7. Increasing hacktivist operations: Microsoft and others have observed purported hacktivist groups conducting, or claiming to have conducted, DDoS attacks or document theft against perceived adversaries to project Russian power online. Some of these groups are linked to cyber threat actors like Seashell Blizzard and Cadet Blizzard.

Microsoft Threat Intelligence expects to see increased attention in regions of strategic importance to Moscow: the Balkans, Latin America, Africa, and within Russia itself. Continued efforts to undermine Ukraine’s alliances with NATO countries are also expected.

Recommendations to help strengthen your network security

  • Patch zero-day vulnerabilities immediately: Always patch zero-day vulnerabilities as soon as they are released. Don’t wait for the patch management cycle to deploy.
  • Inventory and audit all assets and identities: Document and inventory all enterprise hardware and software assets to determine risk and when to act on patches.
  • Audit remote access status: Remove access for any partner relationships that do not look familiar or have not yet been audited.
    You can also do this by enabling logging and reviewing all authentication activity for remote access infrastructure and virtual private networks (VPNs), with a focus on accounts configured with single two-factor authentication to confirm authenticity and investigate anomalous activity.
  • Enable cloud protection: Enable cloud protection to provide identification and mitigation of known and novel threats to your network at scale.
  • Protect and defend high-value targets: Identify and protect your potential high-value data targets, at-risk technologies, information, and business operations which might align with the strategic priorities of nation-state groups.
  • Harden internet-facing assets: Harden internet-facing assets and understand your perimeter.
  • Enable multifactor authentication (MFA): With MFA enabled, you can prevent 99.9% of attacks on your accounts. Enable MFA for all accounts (including service accounts) and ensure MFA is enforced for all remote connectivity.
  • Use passwordless solutions: Weak passwords are the entry point for most attacks across enterprise and consumer accounts. Passwordless sign-in methods like the Microsoft Authenticator App, physical security keys, and biometrics are more secure than traditional passwords, which can be stolen, hacked, or guessed.
  • Use conditional access: Try to reduce exposure to phishing attempts by enabling conditional access features for highly privileged accounts and impersonation and spoofing detection features.
  • Secure the supply chain: Secure your software and services supply chain. Review and audit upstream and downstream service provider relationships and delegated privilege accesses to minimize unnecessary provisioning permissions.
