Coinciding with relentless cyber attacks against Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, companies and aid organizations in 42 countries that support Kiev, Microsoft said in a report on Wednesday.
“Since the beginning of the war, attacks by Russia (of Ukraine’s allies) have been successful 29 percent of the time,” wrote Microsoft president Brad Smith, with data stolen in at least a quarter of successful network breaches.
“While a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have ramped up network penetration and espionage activities targeting allied governments outside Ukraine,” Smith said.
NATO members were involved in nearly two-thirds of cyber espionage targets. The United States was the main target and Poland, the main channel for military aid flowing into Ukraine, was the second. In the past two months, Denmark, Norway, Finland, Sweden and Turkey have ramped up targeting.
A notable exception is Estonia, where Microsoft said it has not detected any Russian cyber intrusions since Russia invaded Ukraine on February 24. The company recognizes Estonia’s adoption of cloud computing, where it is easier to detect intruders. “Significant collective defensive weaknesses remain” in some other European governments, Microsoft said, without identifying them.
Half of the 128 targeted organizations are government agencies and 12 percent are non-governmental agencies, mostly think tanks or humanitarian groups, according to the 28-page report. Other targets include telecommunications, energy and defense companies.
Microsoft said Ukraine’s cyber defenses in general have “proved stronger” than Russia’s capabilities in “waves of destructive cyber attacks against 48 different Ukrainian agencies and companies.” Moscow’s military hackers have been careful not to release destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report said.
“During the past month, as the Russian army concentrated its attacks in the Donbas region, the number of destructive attacks has decreased,” the report said. Defending Ukraine: Early Lessons from the Cyber War† The Redmond, Washington-based company has unique insight into the domain thanks to the ubiquity of its software and threat detection teams.
Microsoft said Ukraine is also an example in terms of data protection. Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion — leaving them vulnerable to air strikes — to distributing that data in the cloud, hosted in data centers across Europe.
The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and averting criticism of Russian military war crimes” and the pursuit of people in nonaligned countries.
Using artificial intelligence tools, Microsoft estimates that “Russian cyber-influence operations successfully increased the spread of Russian propaganda after the start of the war by 216 percent in Ukraine and 82 percent in the United States.”