Russian state-backed hackers are more successful at breaching foreign government targets, Microsoft says




Government organizations accounted for more than half of the targets of Moscow-linked hacking groups for the year through June 2021, up from just 3% the year before, according to Microsoft. At the same time, the success rate of Russian intrusions into government and non-government targets rose from 21% to 32% year on year, the tech giant said in a report focused on state-backed and cybercriminal activity.
The report comes as the Biden administration seeks to bolster the U.S. government’s defenses against cyber espionage from Russia – and publicly expose such activity with U.S. allies. Last month, the European Union lambasted alleged Russian hack-and-leak operations, which the bloc said were aimed at interfering with democracy.

But despite the United States and its allies condemning Russian and Chinese behavior in cyberspace, these countries “are still comfortable looking into attacks from nation states,” said Cristin Goodwin, associate general counsel and head of Microsoft’s digital security unit. “And we are seeing this increase.”

The data includes the Russian spy operation that breached at least nine US federal agencies in 2020 by exploiting software made by SolarWinds, a Texas-based company. CNN reported on Wednesday that the same Russian group behind the activity has continued in recent months to attempt to breach US and European government organizations.

In April, the Biden administration blamed Russia’s foreign intelligence service, the SVR, for the spy campaign. Moscow has denied any involvement in the hacking.

North Korea, Iran and China were next most active countries

Microsoft also reported on Thursday that 58% of government-related hacking attempts were from Russia, followed by 23% from North Korea, 11% from Iran and 8% from China.

The data is accompanied by caveats. A flurry of failed attempts to guess the passwords of target organizations, for example, counts as separate hacking attempts. And Microsoft has not reported on U.S. intelligence agencies, which also carry out cyber espionage campaigns.

But with more than a billion devices running Microsoft software around the world, the tech vendor has a broader view of malicious cyber activity than most other organizations. And the data tells its own story.

Cyber activity, for example, is often correlated with broader geopolitical dynamics and tensions.

As Russia stepped up its troop presence along its border with Ukraine earlier this year, the same hacking group that breached SolarWinds has “de[ed] The interests of the Ukrainian government,” according to Microsoft. The number of Microsoft customers in Ukraine “affected” by the Russian hacking group climbed to 1,200 in the fiscal year ending June, from just six the year before.

“Historically, nation-state attacks have tended to follow a country’s geopolitical priority,” Goodwin told CNN.

Much of the public’s attention to alleged Russian cyber operations over the past year has been on the group that bugged the SolarWinds software. But there is an array of hacking teams available to Moscow carrying out different missions against valuable targets in the United States and allied countries, analysts say.

Some of these groups specialize in infiltrating critical infrastructure companies, both to gather information and, perhaps in some cases, to gain a foothold in networks in times of conflict, some U.S. officials and private sector experts say.

Attacks on critical infrastructure

“The worry is this effort that we have seen [Russian groups] actively use disruptive effects around the world,” said Rob Joyce, National Security Agency Chief Cyber Security Officer, at the Aspen Cyber Summit last week. “And we have seen evidence of prepositioning against US critical infrastructure. So all the things that cannot be tolerated and that we have to work against.”

One such group, known as Berserk Bear in the cybersecurity industry, has been linked to breaches of industrial software systems at U.S. electric utilities that the Department of Homeland Security blamed on Russian government hackers in 2018.

The group, which some analysts have linked to the Russian intelligence agency FSB, has shown over the past three years a constant appetite for collecting data held by critical infrastructure companies in the United States, Ukraine, Russia and Western Europe.

This includes breaches, in 2019 and 2020 respectively, of the websites of one of Ukraine’s largest energy companies and the San Francisco International Airport, according to Joe Slowik, a former U.S. Navy cybersecurity specialist who now works for the security company Gigamon.

Over a decade of operations against critical infrastructure companies, Berserk Bear “has almost certainly facilitated the gathering of important intelligence, the development of capabilities, and potentially the pre-positioning of effects in highly sensitive networks,” Slowik said in an article to be presented at the Virus Bulletin conference this week.
