Coinciding with unrelenting cyberattacks against Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, businesses and aid groups in 42 countries supporting Kyiv, Microsoft said in a report Wednesday.
“Since the start of the war, the Russian targeting [of Ukraine’s allies] has been successful 29 percent of the time,” Microsoft President Brad Smith wrote, with data stolen in at least one-quarter of the successful network intrusions.
“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine,” Smith said.
Nearly two-thirds of the cyberespionage targets involved NATO members. The United States was the prime target and Poland, the main conduit for military assistance flowing to Ukraine, was No. 2. In the past two months, Denmark, Norway, Finland, Sweden and Turkey have seen stepped-up targeting.
A striking exception is Estonia, where Microsoft said it has detected no Russian cyber intrusions since Russia invaded Ukraine on Feb. 24. The company credited Estonia’s adoption of cloud computing, where it’s easier to detect intruders. “Significant collective defensive weaknesses remain” among some other European governments, Microsoft said, without identifying them.
Half of the 128 organizations targeted are government agencies and 12% are nongovernmental agencies, typically think tanks or humanitarian groups, according to the 28-page report. Other targets include telecommunications, energy and defense companies.
Microsoft said Ukraine’s cyber defenses “have proven stronger” overall than Russia’s capabilities in “waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises.” Moscow’s military hackers have been cautious not to unleash destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report noted.
“During the past month, as the Russian military moved to concentrate its attacks in the Donbas region, the number of destructive attacks has fallen,” according to the report, “Defending Ukraine: Early Lessons from the Cyber War.” The Redmond, Washington, company has unique insight in the domain due to the ubiquity of its software and threat detection teams.
Microsoft said Ukraine has also set an example in data safeguarding. Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion — making them vulnerable to aerial attack — to dispersing that data in the cloud, hosted in data centers across Europe.
The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and deflecting criticism of Russian military war crimes” and wooing people in nonaligned countries.
Using artificial intelligence tools, Microsoft said, it estimated “Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States.”