The Russian invasion of Ukraine was preceded by a wide-ranging cyberattack that signals the start of a whole new form of warfare, Microsoft’s President has said.
Speaking at the company’s Microsoft Envision event in London, Brad Smith revealed that it had been aware of potential attacks against Ukraine being launched shortly before the physical invasion took place.
The company was then able to gather its resources to not just crack down on the initial attacks, but help Ukrainian defenders organise a response to what Smith called “the first major hybrid war”.
Harking back to the initial “ages” of war, which encompassed land, sea and air assaults respectively, Smith noted that warfare had now entered “a fourth plain”: cyber.
The company had three main responsibilities: sustaining a government, defending a nation, and protecting the people.
Smith outlined how up until one week before the war started, the Ukraine government was running entirely on-premise. As fears of an invasion grew though, Microsoft leapt into action and, “within days”, 16 of 17 government ministries and a number of key Ukrainian companies were moved to the cloud.
Importantly, Smith noted, this cloud was outside Ukraine for extra security - a move helped by the fact that Microsoft had spent $12 billion building datacentres across Europe.
“The best way to protect a country in a time of war is to ensure its continuity by dispersing its digital assets,” he said. “You are most safe when people don't know where your data is.”
Also ahead of a physical invasion, Smith noted that the conflict actually appeared to begin online as the Foxblade malware was launched against up to 300 Ukrainian targets.
“The first shells were fired in cyberspace,” he said, outlining how seven different units across three parts of the Russian government all began firing off attacks. Unlike the NotPetya attack utilized during the previous Russian invasion, these attacks were precisely targeted, using waves of wiper software to cripple Ukrainian infrastructure.
"As the war has gone on, what we've seen is not just a proliferation of attack, but sometimes a combination of attacks,” he noted, highlighting how Microsoft had detected 237 distinct operations and 40 destructive attacks targeting hundreds of systems ahead of physical attacks. The times between cyber and ground assaults had also shrunk down from days to hours and sometimes even minutes, he said, highlighting one cyberattack that targeted a nuclear power plant, with a physical attack following within hours.
Looking forward, Smith noted that Microsoft’s role was now focusing on several fronts, including disrupting Russian disinformation, protecting people on the ground, and making sure there is accountability for war crimes committed during the conflict.
“We are going to need to develop the defensive capabilities to combat this kind of cyber attacks,” he declared.
"When we think about the war in Ukraine, when we think about what it takes to support and sustain that government...I think we should also think about what it means for our place in the world...in many ways the gift given to us is being attacked.”
“We should all recognize that we are working together to support not only Ukraine, but the world.”