Simultaneously with relentless cyberattacks on Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, corporations and aid groups in 42 countries that support Kyiv, Microsoft said in a report Wednesday.
“Since the war began, the Russian target (on Ukraine’s allies) has been successful 29 percent of the time,” Microsoft President Brad Smith wrote, with at least a quarter of successful network breaches involving data theft.
Almost two-thirds of cyberespionage targets involved NATO members. The United States was the main target and Poland, the main channel for military aid flowing to Ukraine, was number 2. In the last two months, Denmark, Norway, Finland, Sweden and Turkey have all come under increased attacks.
A notable exception is Estonia, where Microsoft says it has not detected any Russian cyber intruders since Russia invaded Ukraine on February 24. The company spearheaded Estonia’s adoption of cloud computing, where it is easier to detect intruders. Some other European governments have “significant collective defense weaknesses,” Microsoft said, without naming them.
According to the 28-page report, half of the 128 organizations affected are government agencies and 12% are non-governmental organizations, typically think tanks or humanitarian groups. Other targets include telecom, energy and defense companies.
Microsoft said Ukraine’s cyber defenses overall “proved stronger” than Russia’s capabilities in “waves of destructive cyberattacks against 48 different Ukrainian agencies and companies.” Moscow’s military hackers have been careful not to release destructive data-destroying worms that could spread outside of Ukraine, like the NotPetya virus did in 2017, the report said.
“Over the past month, as the Russian military focused its attacks on the Donbass region, the number of destructive attacks has decreased,” the report, Defending Ukraine: Early Lessons from the Cyber War, says. The Redmond, Wash. company has unique insights into the domain due to the ubiquity of its software and threat detection teams.
According to Microsoft, Ukraine has also set an example in data protection. A week before the Russian invasion, Ukraine stopped storing its data locally on servers in government buildings – making them vulnerable to airstrikes – but distributed that data in the cloud, hosted in data centers across Europe.
The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and deflecting criticism of Russian military war crimes” and wooing people in non-aligned countries.
Using artificial intelligence tools, Microsoft said it estimated that “Russian cyber influence operations successfully increased the distribution of post-war Russian propaganda by 216 percent in Ukraine and 82 percent in the United States.”