Russian threat actors dig in, prepare to seize on war fatigue

Russian cyber and influence operators have demonstrated adaptability throughout the war on Ukraine, trying new ways to gain battlefield advantage and sap Kyiv’s sources of domestic and external support. This report will detail cyber threat and malign influence activity that Microsoft observed between March and October 2023. During this time, Ukrainian military and civilian populations were again in the crosshairs, while the risk of intrusion and manipulation grew to entities worldwide assisting Ukraine and seeking to hold Russian forces to account for war crimes.

Threat actions Microsoft observed during this March to October period reflected combined operations to demoralize the Ukrainian public and an increased focus on cyber espionage. Russian military, cyber, and propaganda actors directed concerted attacks against the Ukrainian agriculture sector—a civilian infrastructure target—amid a global grain crisis. Cyber threat actors affiliated with Russian military intelligence (GRU) leaned into cyberespionage operations against the Ukrainian military and its foreign supply lines. As the international community sought to punish war crimes, groups linked to Russia’s Foreign Intelligence (SVR) and Federal Security (FSB) services targeted war crimes investigators within and outside of Ukraine.