Russia has carried out dozens cyber-espionage campaigns that targeted governments, think tanks, businesses and aid groups in more than 40 countries supporting Ukraine.
Microsoft said it has detected attacks on 128 organizations in 42 countries outside Ukraine since the start of Russia’s invasion.
Nearly two-thirds of the cyberespionage targets involved NATO members. While the US has been Russia’s primary target (12%), Russian state-backed hackers have also launched attacks on Poland (8%), which has become a hub for transporting military equipment to Ukraine, and Baltic countries of Latvia and Lithuania (14% combined). Microsoft notes that it didn’t detect Russian cyberattacks in Estonia (possibly due to Estonia’s adoption of cloud computing).
The tech giant noticed an increase in Russian cyber-espionage campaigns targeting Denmark, Norway, Finland, Sweden, and Turkey, as well as the foreign ministries of other NATO countries.
While the governments have been the main focus of the attacks, the target list also included think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers. According to Microsoft, 29% of the intrusions were successful. In a quarter of these the attackers were able to steal data from a victim organization.
“The lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations,” Microsoft President Brad Smith wrote. “As the war in Ukraine illustrates, while there are differences among these threats, the Russian Government does not pursue them as separate efforts and we should not put them in separate analytical silos. In addition, defensive strategies must consider the coordination of these cyber operations with kinetic military operations, as witnessed in Ukraine.”