Many Russian cyberattacks failed in the first months of the war in Ukraine, according to a study.

WASHINGTON. A new study of how Russia used its cyber capabilities in the early months of the war in Ukraine contains a number of surprises: Moscow carried out more cyber attacks than thought at the time to support its invasion, but more than two-thirds of them failed. , echoing his poor performance on the physical battlefield.

However, the study published by Microsoft on Wednesdaysuggested that the government of President Vladimir V. Putin has succeeded more than many expected in its disinformation campaign to create a narrative of the war favorable to Russia, including the allegation that the United States was covertly manufacturing biological weapons on Ukrainian soil.

The report is the latest attempt by many groups, including US intelligence agencies, to understand the interplay of brutal physical warfare with parallel and often coordinated cyber warfare. This indicated that Ukraine was well prepared to repel cyberattacks, having survived them for many years. This was partly due to a well-established alert system from private sector companies including Microsoft and Google, and preparations that included migrating most of Ukraine’s most critical systems to the cloud on servers outside of Ukraine.

A report on Russian cyberattacks and disinformation campaigns found that only 29% of attacks hit targeted networks in Ukraine, the US, Poland and the Baltics. But it points to more successful attempts to dominate the information war, in which Russia has accused Washington and Kyiv of starting the conflict now raging in eastern and southern Ukraine.

This war is the first all-out battle where conventional and cyber weapons have been used side by side, and the race continues to explore never-before-seen dynamics between the two. So far, very little of this dynamic has developed as expected.

At first, analysts and government officials were struck by the absence of serious Russian attacks on Ukraine’s power and communications systems. In April, President Biden’s National Cyber ​​Director Chris Inglis said the “burning question” is why Russia hasn’t made “a very significant game in cyberspace, at least against NATO and the United States.” He suggested that the Russians thought they were heading for a quick victory in February, but were “distracted” when the hostilities ran into obstacles.

Microsoft’s report states that Russia launched a major cyberattack on February 2nd. 23, the day before the physical invasion. This malware attack, called FoxBlade, was an attempt to use a “cleaner” program that erased data on government networks. Around the same time, Russia attacked the Viasat satellite communications network, hoping to disable the Ukrainian army.

“We were, I think, among the first to witness the first shots fired on February 23rd,” said Brad Smith, President of Microsoft.

“It was a formidable, intense, even ferocious set of attacks, attacks that started with one form of data cleansing software, attacks that are really coordinated from different parts of the Russian government,” he added Wednesday at the Ronald forum. Presidential Foundation and the Reagan Institute in Washington.

But many attacks were thwarted, or enough redundant funds were built into Ukrainian networks that the effort did little damage. The result, Mr. Smith said the attacks were underreported.

On many occasions, Russia coordinated the use of cyberweapons with conventional attacks, including shutting down the nuclear power plant’s computer network before moving troops to capture it, Mr. Putin said. Smith said. Microsoft officials declined to say which plant Mr. Smith meant.

While most of Russia’s cyber activity is concentrated in Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Microsoft concluded that of the 29 percent of Russian attacks that successfully penetrated the network, only a quarter resulted in data theft.

Outside of Ukraine, Russia has focused its attacks on the United States, Poland and two contenders for NATO membership, Sweden and Finland. Other members of the alliance were persecuted, especially when they began to supply Ukraine with more weapons. These violations, however, were limited to surveillance, indicating that Moscow is trying to avoid direct involvement of NATO countries in the fight through cyberattacks, just as it refrains from physical attacks on these countries.

But Microsoft, other tech companies and government officials have said Russia has combined these infiltration attempts with a broad propaganda effort around the world.

Microsoft tracked the rise in consumption of Russian propaganda in the US in the first weeks of the year. It peaked at 82% right before the February crisis. 24 invasions of Ukraine with 60 to 80 million monthly page views. That number, Microsoft says, rivals the number of page views on the largest traditional media sites in the United States.

One example Mr. Smith mentioned was Russian propaganda inside Russia pushing its citizens to get vaccinated while its English-language messages were spreading anti-vaccine content.

Microsoft also tracked the rise of Russian propaganda in Canada in the weeks before the trucker convoy protesting the vaccine ban tried to shut down Ottawa, and in New Zealand before protests against public health measures aimed at combating the pandemic.

“This is not a case of consumption after the news; it’s not even about the post-news escalation effort,” Mr. Smith said. “But I think it’s fair to say that this is not only an amplification that precedes the news, but quite possibly an attempt to create and influence the creation of the news of the day itself.”

Senator Angus King, an Independent from Maine and a member of the Senate Intelligence Committee, noted that while private companies can monitor Russia’s efforts to spread disinformation inside the United States, US intelligence agencies are limited by laws that prevent them from looking inside American networks.

“There is a gap, and I think the Russians are aware of it, and that allowed them to take advantage of the gap in our system,” Mr. Putin said. King, who also spoke at the Reagan Institute.

A provision in this year’s defense policy bill being considered by Congress requires the National Security Agency and its military cousin, US Cyber ​​Command, to report to Congress every two years on election security, including efforts by Russia and other foreign powers to influence Americans.

“Ultimately, the best protection for our people is that they are better at consuming information,” he said. King said. “We need to better educate people to be better consumers of information. I call it digital literacy. And we should be teaching kids in fourth and fifth grade how to tell a fake site from a real one.”