Russian hackers could be regrouping ahead of elections, Microsoft warns

Russia may push its hackers to become more aggressive in the coming months, after being stymied by Ukrainian resistance both on the battlefield and in cyberspace, Microsoft says.

In a report published Wednesday analyzing Russia’s cyber tactics in the year since it invaded Ukraine, Microsoft declared: “Should Russia suffer more setbacks on the battlefield, Russian actors may seek to expand their targeting of military and humanitarian supply chains by pursuing destructive attacks beyond Ukraine and Poland.”

As the company behind Windows, the world’s most popular operating system, Microsoft has particular insight into hacker activity. Like several major American companies and U.S. agencies, it has given cybersecurity aid to Ukraine.

During the course of the past year, Russia has deployed at least nine new “wiper” attacks, designed to worm their way into a victim’s computer network and delete files, the Redmond, Washington-based company said.

Those attacks didn’t have a significant spillover to the rest of the world, though there is precedent for that happening. The GRU, Russia’s military intelligence agency, infamously released a destructive strain of malicious software in 2017 called NotPetya, causing international condemnation. While NotPetya was intended to target Ukraine, it quickly spread around the world, causing an estimated $1 billion in damages.

Russia has previously denied responsibility for NotPetya. The Russian Defense Ministry did not immediately respond to a request for comment.

The Microsoft report came on the same day that a cybersecurity company said that the GRU had been able to exploit a previously unknown vulnerability in Microsoft’s flagship email program, Outlook, for almost a year.

Microsoft revealed the flaw Tuesday and issued a patch to fix it. Mandiant, a cybersecurity company owned by Google, said Wednesday that the GRU had been using it to hack targets for months.

A spokesperson for Mandiant said in an email Wednesday that the GRU had exploited it to spy on government computers and infrastructure in Poland, Ukraine, Romania and Turkey. A hacker with knowledge of how to exploit it could craft an email to a potential victim and gain access to…