Russian Intelligence Agencies Have Increased Cyberattacks Against Nations That Aid Ukraine

From a Wall Street Journal story by Dustin Volz headlined “Russia Increased Cyber Espionage Against Countries Supporting Ukraine, Microsoft Says”:

Russian intelligence agencies have increased the pace of cyberattacks against nations that have provided aid to Ukraine, according to new research published Wednesday by Microsoft Corp., which said it had observed Moscow-backed hacking attempts in over 40 countries.

Much of the malicious cyber activity linked to the Kremlin took aim at governments that are part of the North Atlantic Treaty Organization for espionage, and targets also included nongovernmental organizations, think tanks and humanitarian groups providing support to Ukrainian refugees, as well as information-technology and energy firms, Microsoft said.

The U.S. saw the most of any country outside Ukraine, accounting for 12% of the global total since the war in Ukraine began, the tech company said.

“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up their network penetration and espionage activities targeting governments outside Ukraine,” the report said. “This increase appears to be most focused on obtaining information from inside the governments that are playing critical roles in the West’s response to the war.”

Senior Biden administration officials warned before Russia’s invasion of Ukraine that Moscow was likely to take aim at the U.S. with cyberattacks, though catastrophic attacks on critical infrastructure have either not taken place or been unsuccessful thus far.

Microsoft didn’t provide data to compare the recent flurry of alleged Russian cyber operations with what the company’s threat intelligence team normally observes, but described it generally as an increase in activity. Because Microsoft products are so widely used across the globe, the company has unique visibility into the actions of various hacking groups.ussian intelligence agencies have increased the pace of cyberattacks against nations that have provided aid to Ukraine

The Russian Embassy in Washington didn’t immediately respond to a request for comment. Moscow has routinely denied allegations of cyberattacks against other countries and said it has been victimized recently by cyberattacks launched by Western powers.

Since the war began Feb. 24, Microsoft said it had detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine, which cyber firms and the Ukrainian government have said has also suffered a regular onslaught of Russian cyberattacks. Many of the alleged Russian attacks were unsuccessful and smaller in scale than what many experts initially anticipated. Microsoft said in April that half a dozen hacking groups linked to the Russian government had attempted hundreds of cyberattacks in Ukraine since Russia’s invasion, including dozens intended to destroy computer systems.

Overall, 63% of the global tally of Russia-linked attacks were against NATO members, Microsoft said, and those geographically closest to Ukraine have sustained the most attacks, with Poland enduring more than any other in the region. The targets have included Baltic countries, and during the past two months Microsoft said it had seen an increase in activity against computer networks in Denmark, Norway, Finland, Sweden and Turkey, as well as the targeting of foreign ministries in other countries that are part of NATO.

So far just under a third of the alleged cyber-espionage attacks successfully compromised the targets, Microsoft said, and at least a quarter of those successes have led to confirmed theft of data.

Russia has also increased its use of cyber-enabled influence operations against both domestic and international audiences in an attempt to boost its war goals, efforts that have included the deliberate spread of false narratives intended to undermine Western unity with Ukraine, Microsoft said.

Dustin Volz is a DC-based journalist for The Wall Street Journal who reports on cybersecurity and intelligence. Previously he covered cybersecurity and surveillance at Reuters, and before that he was a staff correspondent for National Journal, where he covered tech policy and breaking news.

Speak Your Mind