Cleveland, Ohio – At the same time as relentless cyberattacks on Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, companies and aid groups in 42 countries that support Kyiv, Microsoft said in a report on Wednesday.
“Since the beginning of the war, the Russian orientation [of Ukraine’s allies] has been successful 29 percent of the time, wrote Microsoft President Brad Smith, with data stolen in at least a quarter of successful network intrusions.
“Once a coalition of countries has come together to defend Ukraine, Russian intelligence services have intensified network penetration and espionage activities against allied governments outside Ukraine,” Smith said.
Nearly two-thirds of cyber espionage cases involved NATO members. The United States was the main target and Poland, the main channel for military assistance flowing to Ukraine, was number 2. Over the past two months, Denmark, Norway, Finland, Sweden and Turkey have seen an intensified focus.
A striking exception is Estonia, where Microsoft said it has not detected any Russian cyber intrusion since Russia invaded Ukraine on February 24. The company credited Estonia’s adoption of cloud computing, where it is easier to detect intruders. “Significant collective defensive weaknesses remain” among some other European governments, Microsoft said without identifying them.
Half of the 128 organizations targeted are government agencies and 12% are non-governmental bodies, usually think tanks or humanitarian groups, according to the 28-page report. Other targets are telecom, energy and defense companies.
Microsoft said Ukraine’s cyber defense “has proven to be stronger” overall than Russia’s capabilities in “waves of destructive cyber attacks against 48 distinct Ukrainian agencies and companies.” Moscow’s military hackers have been careful not to unleash destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report noted.
“During the past month, as the Russian military moved to concentrate its attacks on the Donbas region, the number of destructive attacks has decreased,” according to the report “Defending Ukraine: Early Lessons from the Cyber War.” Redmond, Washington, the company has unique insight into the domain due to the fact that its software and threat detection team is everywhere.
Microsoft said that Ukraine has also been an example of data protection. Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion – making them vulnerable to air strikes – to spreading this data in the cloud, hosted in data centers across Europe.
The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and diverting criticism of Russian military war crimes” and courting people in non-aligned countries.
Using artificial intelligence tools, Microsoft said, they estimated that “Russian cyber-influence operations successfully increased the spread of post-war Russian propaganda by 216 percent in Ukraine and 82 percent in the United States.”