Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies

Russia, Ukraine Cyberattacks

Russia, Ukraine Cyberattacks

Coinciding with unrelenting cyberattacks against Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, businesses and aid groups in 42 countries supporting Kyiv, Microsoft said in a report Wednesday.

“Since the start of the war, the Russian targeting (of Ukraine’s allies) has been successful 29 percent of the time,” Microsoft President Brad Smith wrote, with data stolen in at least one-quarter of the successful network intrusions,

“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine,” Smith said.

Nearly two-thirds of the cyberespionage targets involved NATO members. The United States was the prime target and Poland, the main conduit for military assistance flowing to Ukraine, was No. 2. In the past two months, Denmark, Norway, Finland, Sweden and Turkey have seen stepped-up targeting,

A striking exception is Estonia, where Microsoft said it has detected no Russian cyber intrusions since Russia invaded Ukraine on Feb. 24. The company credited Estonia’s adoption of cloud computing, where it’s easier to detect intruders. “Significant collective defensive weaknesses remain” among some other European governments, Microsoft said, without identifying them.

Half of the 128 organizations targeted are government agencies and 12% are nongovernmental agencies, typically think tanks or humanitarian groups, according to the 28-page report. Other targets include telecommunications, energy and defense companies.

Microsoft said Ukraine’s cyber defenses “have proven stronger” overall than Russia’s capabilities in “waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises.” Moscow’s military hackers have been cautious not to unleash destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report noted.

Advertisement. Scroll to continue reading.

“During the past month, as the Russian military moved to concentrate its attacks in the Donbas region, the number of destructive attacks has fallen,” according to the report, “Defending Ukraine: Early Lessons from the Cyber War.” The Redmond, Washington, company has unique insight in the domain due to the ubiquity of its software and threat detection teams.

Microsoft said Ukraine has also set an example in data safeguarding. Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion — making them vulnerable to aerial attack — to dispersing that data in the cloud, hosted in data centers across Europe.

The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and deflecting criticism of Russian military war crimes” and wooing people in nonaligned countries.

Using artificial intelligence tools, Microsoft said, it estimated “Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States.”

ReadRussia, Ukraine and the Danger of a Global Cyberwar

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cyberwarfare

ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.