Hackers linked to Russia’s military were very likely behind ransomware attacks last month on Ukrainian and Polish transportation and logistics organizations, Microsoft said Thursday.
The revelation will raise concerns in Washington and European capitals that allies supporting Ukraine against Russia’s invasion could face greater cyber threats from Moscow.
Poland is a NATO member and a key conduit for supplying military aid to Ukraine.
The hacks “did cause damage” at the transportation and logistics companies in Poland and Ukraine, a Microsoft spokesperson told CNN. The extent of the damage was unclear. CNN has requested further details from Microsoft.
Microsoft attributed the hacks to a group that the Justice Department alleges works on behalf of Russia’s GRU military intelligence agency and which caused power blackouts in parts of Ukraine in 2015 and 2016.
One of Ukraine’s main cybersecurity agencies, the State Special Communications Service, declined to comment.
It’s a rare public example of an alleged Russian hack related to the war causing damage in a NATO member country.
During Russia’s February invasion, another suspected Russian hack wiped data at two Ukrainian government contractors with a presence in Latvia and Lithuania, but that was widely seen among analysts as collateral damage rather than deliberate.
NATO Secretary General Jens Stoltenberg has said a cyberattack could trigger NATO’s collective defense clause, requiring all members to defend against an attack on another member. But that has never happened, and it is unclear what exactly NATO’s threshold in cyberspace is for a response.
“We do not state openly what level or damage the cyber-attack would have to cause,” NATO spokesperson Matthias Eichenlaub said in an email. “Any invocation of article 5 is always a political decision taken by all Allies by consensus.”
The GRU-linked ransomware attacks signal “increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine,” researchers from Microsoft, which has worked directly with the Ukrainian government to respond to the hacks, said in a statement.
The Russian embassy in Washington, DC, did not respond to a request for comment on Microsoft’s statement. Moscow routinely denies conducting cyberattacks.
Russian hacking groups have carried out a slew of cyberattacks during the war on Ukrainian government and corporate networks in activity that sometimes overlaps with Russian military strikes. But the kind of high-impact hack that takes out power or other critical networks has largely been missing.
Russian hacking has played a peripheral, rather than central, role in the Kremlin’s efforts to dismantle Ukrainian critical infrastructure, US and Ukrainian officials previously told CNN.