According to Microsoft, US organizations have been the main target of Russian hacking attempts outside of Ukraine, but the alleged Russian hack has spread to 42 countries and a range of sectors that may hold valuable information related to the war, from governments to think tanks to humanitarian groups.
This is reminiscent of the voracious appetite of Russian cyber operators for strategic information, as the Kremlin is more isolated on the international stage than it has been in decades.
These hacking attempts succeeded in penetrating defenses 29% of the time, according to Microsoft. Of these successful breaches, a quarter resulted in the theft of data from the networks.
But measuring the “success” of Russian cyber espionage is difficult, and Microsoft said it didn’t have a full view of the hack because some customers were storing data on their own systems rather than in cloud infrastructure. computing from Microsoft.
CNN has contacted the Russian Embassy in Washington for comment. Moscow regularly denies the hacking charges.
Various governments have likely ramped up their offensive cyber activities related to the war in Ukraine as they seek to understand how the fighting and its global fallout.
Cyber Command, the US military’s hacking unit, conducted a “full range” of offensive, defensive and information operations in support of Ukraine, the command chief confirmed this this month.
US officials continue to study Russian efforts to complement its kinetic warfare in Ukraine with cyber operations.
Significant alleged incidents of Russian hacking in Ukraine since the February invasion include the hacking of a satellite operator, which disrupted internet service to tens of thousands of satellite modems as the invasion progressed, and waves of data hacks aimed at destabilizing Ukrainian government agencies.
Ukrainian officials have also accused the Russians of routing internet traffic to occupied parts of Ukraine through Russian internet providers and subjecting those connections to censorship.
Some of these tactics “could be part of China’s playbook” in Beijing’s future attempts to project power beyond its borders, according to Mieke Eoyang, deputy undersecretary of defense for cyber policy.
“The cyber dimensions of [what Russia is trying doing in Ukraine] are extremely important for us, especially at the Department of Defense, to understand what the playbook could be if another cyber-capable country tried to do so,” Eoyang said Tuesday at an event in Washington hosted by the Third Way think tank.
NATO members a target for Russian hackers
NATO, the 30-nation military alliance that includes the United States, Canada and European allies, has been a particular target for Russian computer scientists, according to Microsoft’s report.
After the United States, Poland – a hub for delivering humanitarian and military aid to Ukraine – has been the most targeted NATO member by Russian hackers in recent months, finds Microsoft researchers.
Potential, and not just current, members of NATO have had to remain on their guard against possible Russian cyberattacks. The Swedish and Finnish governments have been vigilant against Russian hacking before and after announcing plans to join NATO in May.
For months, Swedish authorities have encouraged critical infrastructure operators to lower their thresholds for reporting suspicious cyber activity to authorities, said Johan Turell, senior analyst at the cybersecurity department of Sweden’s Civil Contingencies Agency, an organization government that prepares for natural and man-made disasters. seizures.
The Kremlin has warned Sweden and Finland, which share hundreds of kilometers of border with Russia, against joining NATO.
While Ukrainian President Volodymyr Zelensky was speaking via video conference with the Finnish parliament on April 8, a cyber attack briefly took the websites of Finland’s foreign and defense ministries offline. Websites quickly came back online. Some digital forensics specialists linked the hack, which caused no serious disruption, to Russia.
“We don’t know if they were patriotic Russian hackers or some entity more directly related to [the] Russian government,” Mikko Hyppönen, a prominent Finnish cybersecurity official, told CNN. “But I have no doubt that the attack was Russian,” he said after reviewing the technical evidence.
“If Russia tries to scare us with these attacks, they fail,” said Hyppönen, who is director of research at cybersecurity firm WithSecure.
This story has been updated with additional details.