Russia poses greatest nation-state cyber threat, says Microsoft




Beijing-backed hackers caused a crisis this year by hacking Exchange mail servers using flaws Microsoft was unaware of, but Microsoft says Russian hackers are much more prolific than those in China or any other country.

“In the past year, 58% of all cyber attacks Microsoft observed from nation states came from Russia,” said Tom Burt, vice president of Microsoft, in a blog post detailing government-backed hacking over the past year.

The US and UK have blamed the Russian Foreign Intelligence Service (SVR) for the massive software supply chain attack on US enterprise software provider SolarWinds. Approximately 18,000 customers received a malicious update for the vendor’s Orion network management software that contained the Sunburst backdoor. A number of clients – estimated at around 100 US customers, including leading tech companies and US government agencies – were subsequently compromised.

Microsoft’s Burt warned that the past year showed Kremlin-backed hackers were becoming “more and more effective”, with attacks motivated by espionage and intelligence campaigns. Many attacks attributed to Russia targeted corporate virtual private network (VPN) software.

“Russian nation-state actors increasingly target government agencies for intelligence gathering, which have gone from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security or defense,” he explained.

Russia’s hacking is primarily driven by the country’s politics, with the main targets being the United States, Ukraine and the United Kingdom, according to Microsoft.

But other usual suspects are also featured in Microsoft’s 2021 Digital Defense Report, including Iran and North Korea. A new entrant is Turkey, which has a strong taste for Trojans. The work carried out by Israeli cyber teams is notably absent from the Microsoft report. Israel is home to the NSO Group, infamous for its exploits targeting iPhones.

Russian state-backed hacking was primarily focused on Ukraine. Meanwhile, Israel was increasingly targeted by Iranian hackers.

“Russian company NOBELIUM has increased the number of affected Ukrainian customers from six in the previous fiscal year to over 1,200 this year by strongly targeting Ukrainian government interests involved in rallying support against an accumulation of Russian troops along the Ukrainian border,” Microsoft notes in its Digital Defense Report.

“This year has nearly quadrupled the targeting of Israeli entities, the exclusive result of Iranian actors, who have focused on Israel as tensions sharply escalated between adversaries.”

Public sector agencies under attack by hackers are primarily “foreign ministries and other global government entities involved in international affairs,” according to Microsoft, while phishing attacks seeking to capture credentials affect consumer and business accounts.

Russian hackers have developed supply chain attacks over the past decade. The biggest supply chain attack before SolarWinds was NotPetya in 2017, which spread through little-known Ukrainian accounting software and cost industrial giants billions in losses.

Software supply chain attacks work because they are carried out through updates from trusted software vendors, including security companies. SolarWinds might not be a household name, but it’s important in enterprise computing.

Today, nearly every major US cybersecurity company is rallying around US President Joe Biden’s cybersecurity executive order, which attempts to push forward the idea that even trusted networks cannot be trusted.

However, critical infrastructure is the real change in the targets selected by Russian hackers. Biden reportedly told Russian President Vladimir Putin that critical infrastructure should be “banned”, although this is a delicate position for the United States, as it is well known that the most capable hackers in the world are working at the National Security Agency, which developed Stuxnet to target Iranian uranium enrichment equipment. Top Microsoft executives have previously criticized the NSA for stockpiling zero-day exploits.

“From July 2020 to June 2021, critical infrastructure was not the focal point according to the NSN information that was tracked. China-based threat actors showed the most interest and threat actors based in Russia accounted for the least in the targeting of entities in the critical infrastructure sector,” notes Microsoft in its report.

“Russia’s NOBELIUM Cyber Operations is a prime example of Russia’s interest in conducting access and intelligence gathering operations versus targeting critical infrastructure for potential disruption operations.”
