23 June 2022

Russian cyber-espionage ops targeted 42 Ukraine allies


Russian cyber-espionage ops targeted 42 Ukraine allies

Russia has carried out dozens cyber-espionage campaigns that targeted governments, think tanks, businesses and aid groups in more than 40 countries supporting Ukraine.

Microsoft said it has detected attacks on 128 organizations in 42 countries outside Ukraine since the start of Russia’s invasion.

Nearly two-thirds of the cyberespionage targets involved NATO members. While the US has been Russia’s primary target (12%), Russian state-backed hackers have also launched attacks on Poland (8%), which has become a hub for transporting military equipment to Ukraine, and Baltic countries of Latvia and Lithuania (14% combined). Microsoft notes that it didn’t detect Russian cyberattacks in Estonia (possibly due to Estonia’s adoption of cloud computing).

The tech giant noticed an increase in Russian cyber-espionage campaigns targeting Denmark, Norway, Finland, Sweden, and Turkey, as well as the foreign ministries of other NATO countries.

While the governments have been the main focus of the attacks, the target list also included think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers. According to Microsoft, 29% of the intrusions were successful. In a quarter of these the attackers were able to steal data from a victim organization.

“The lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations,” Microsoft President Brad Smith wrote. “As the war in Ukraine illustrates, while there are differences among these threats, the Russian Government does not pursue them as separate efforts and we should not put them in separate analytical silos. In addition, defensive strategies must consider the coordination of these cyber operations with kinetic military operations, as witnessed in Ukraine.”


Back to the list

Latest Posts

Cyber security week in review: August 5, 2022

Cyber security week in review: August 5, 2022

The cybersecurity world in brief: Two crypto platforms targeted in multimillion-dollar attacks, hackers exploited an Atlassian Confluence bug to install a never-before-seen backdoor, and more.
5 August 2022
Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Ljl Backdoor is a fully-featured malware designed to gather files and user accounts, as well as system information.
4 August 2022
Thousands of Solana wallets drained in yet another multimillion exploit

Thousands of Solana wallets drained in yet another multimillion exploit

More than 8,000 wallets have been affected in the hack.
3 August 2022