
Microsoft Compares Russian Hacks of Ukraine to Assassination That Started World War I

In a newly released report, Microsoft details Russia’s cyber threats to Ukraine, and its president gives a…stunning introduction. 
A Ukrainian serviceman. Getty Images

A comprehensive report from Microsoft about Russia’s cyberattacks during its war with Ukraine compares Russia’s hacks preceding its invasion to the assassination of Archduke Franz Ferdinand, an event that precipitated World War I and shaped much of the 20th century.

“The recorded history of every war typically includes an account of the first shots fired and who witnessed them,” Brad Smith, Microsoft’s president and vice chair, wrote in the introduction to the report. “Historians who discuss the first shots in America’s Civil War in 1861 typically describe guns, cannons, and sailing ships around a fort near Charleston, South Carolina. Events spiraled toward the launch of World War I in 1914 when terrorists in plain view on a city street in Sarajevo used grenades and a pistol to assassinate the archduke of the Austrian-Hungarian Empire.”


Smith said that the “war in Ukraine follows this pattern,” but that “the first shots” in that war were fired hours before Russian tanks crossed the Ukrainian border, in the form of a cyberweapon called “FoxBlade” that was deployed against Ukrainian computers. 

Microsoft, one of the leading cybersecurity companies in the world, regularly publishes reports about malicious online activity from both criminals and governments. It’s less common, however, for one of these reports to suggest it has identified the “first shots” in a conflict it compares to the deadliest wars in history.

Only a few months in, Russia’s invasion of Ukraine has already inflicted horrors not seen in Europe for decades. According to the Office of the United Nations High Commissioner for Human Rights, more than 4,662 Ukrainian civilians have been killed by Russian attacks since February 24. Ukraine claimed earlier this month that between 100 and 200 of its troops are being killed on the front line every day. Millions of Ukrainians have been displaced.


That crisis is primarily the result of a conventional “hot war,” meaning Russia’s deployment of troops, tanks, bombs, etc. But, as Microsoft’s report explains in detail, that war is also being supported by large, coordinated cyber campaigns. 

FoxBlade, which Smith referenced in his introduction to the report, is Russian-made “wiper” software that was designed to infiltrate Ukrainian government systems and erase their data. Some hours before the physical invasion of Ukraine began, Microsoft’s Threat Intelligence Center (MSTIC) detected the software’s launch against 19 government agencies and critical infrastructure organizations, the report states.

The report also details other Russian-born malware, with names like “WhisperGate” and “DoubleZero”—most of which the Microsoft team came up with themselves. FoxBlade in particular, according to the report, was created by a Russian group it calls Iridium, also known as Sandworm.

Map of Ukraine. Image via Microsoft

The key to Ukraine’s success in defending against these attacks, Smith said, is that Ukraine was able to distribute its data across the cloud to be housed in other countries. “Ukraine’s government has successfully sustained its civil and military operations by acting quickly to disburse its digital infrastructure into the public cloud, where it has been hosted in data centers across Europe.” 


Outside of Ukraine, the report found that 128 organizations in 42 other countries were targeted. Russia’s priority, it reads, was naturally the United States. But Poland was also high on the list because it was the center for “logistical delivery of military and humanitarian assistance.” Several Baltic and Scandinavian countries were listed as well. 

Map of the world. Image via Microsoft

The report states that of the malware campaigns Microsoft detected, 29 percent were successful, and a quarter of those led to “the successful exfiltration of an organization’s data.” It clarifies that 29 percent is most likely an underestimate, because many victims were operating on local, not cloud-based, servers.

Russia has also run some social media-based propaganda campaigns, with varying degrees of success, Microsoft reports. The country focused on four different messages to four different audiences: Russian, Ukrainian, American, and “nonaligned” populations. 

Propaganda directed at Ukrainians was designed for “undermining confidence in the country’s willingness and ability to withstand Russian attacks,” the report states. Propaganda directed at the United States was for “undermining Western unity,” and was often vaccine-related.