Just finished reading the Special Report: Ukraine - An overview of Russia’s cyberattack activity in Ukraine. The report was prepared by Microsoft’s Digital Security Unit, leveraging the intelligence and findings of the Microsoft Threat Intelligence Center and data analysis of Microsoft’s AI for Good Research Lab, and I wanted to share some of the parts that stood out to me. First was how early the war campaign against Ukraine actually began:
Microsoft assesses that Russia-aligned threat groups were pre-positioning for conflict as early as March 2021, when threat actors that had sporadically targeted Ukraine in the past started to conduct more actions against organizations inside or allied with Ukraine.
The other thing that was clear is that the physical assault goes hand in hand with the cyber assault:
More than 40% of the destructive attacks were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the government, military, economy, and people. Thirty-two percent of destructive incidents affected Ukrainian government organizations at the national, regional, and city levels. Microsoft has also observed that the threat actors are slightly modifying the malware to evade detection with each wave of deployment.
This raises the question: when exactly does a sovereign state, under state-sanctioned cyberattack, consider those intrusions and disruptions an act of war?