Microsoft (MSFT.O) said Wednesday that Russian hackers are preparing a new round of cyber attacks against Ukraine, including a “ransomware-style” threat to supply-line firms.

The tech giant’s cyber security research and analysis team’s study details fresh revelations concerning Russian hackers’ operations throughout the Ukrainian crisis and what may come next.

“Since January 2023, Microsoft has witnessed Russian cyber threat activities shifting to strengthen damaging and information collecting capabilities against Ukraine and its partners’ civilian and military assets,” the paper said. One gang “appears to be planning for a fresh damaging onslaught.”

Western security authorities say Moscow is sending fresh soldiers to eastern Ukraine. Last month, Ukrainian Defense Minister Oleksiy Reznikov warned that Moscow might increase military activity around the Feb. 24 invasion anniversary.

The Russian embassy in Washington did not react.

Analysts think Russia has used physical military operations and cyber methods before.

“Pairing physical strikes with measures to disrupt or restrict defenders’ capacity to coordinate and to deploy cyber-dependent technologies is not a novel strategic concept,” said Atlantic Council Cyber Statecraft Initiative associate director Emma Schroeder.

Microsoft discovered that Sandworm, a skilled Russian hacking team, was exploring “additional ransomware-style capabilities that may be employed in devastating operations on firms outside Ukraine that provide vital tasks in Ukraine’s supply lines.”

Hackers infiltrate an organization, encrypt its data, and demand money to regain access. Ransomware has also been used to hide other cyberattacks, such as data wipes.

Microsoft found at least nine wipers and two ransomware variants targeting over 100 Ukrainian enterprises since January 2022.

According to the assessment, Russian cyber activities targeting Ukraine-allied groups have become increasingly covert.

“In nations around the Americas and Europe, especially Ukraine’s neighbors, Russian threat actors have sought access to government and commercial groups participating in attempts to help Ukraine,” said Clint Watts, general manager of Microsoft’s Digital Security Analysis Center.