Russia escalates cyber espionage against Ukraine and allies

Russian hacking groups have been targeting Ukraine and American organisations the most according to new data from Microsoft. The alleged Russian hacking spree has spanned 42 countries, focused on a range of sectors that might have valuable information related to the war, from governments to think tanks, to humanitarian groups. The hacking attempts have successfully penetrated defenses 29 per cent of the time, according to Microsoft. Out of those successful breaches, a quarter resulted in data stolen from networks.

Microsoft noted that it "didn't have a full view of the hacking" due to some customers storing data on "their own systems rather than in Microsoft's cloud computing infrastructure".

According to CNN, various governments have likely stepped up their offensive cyber activities related to the Ukraine war as they search for insights on the fighting and the global fallout from it.

The US military's hacking unit, Cyber Command has conducted a "full spectrum" of offensive, defensive and information operations in support of Ukraine, the head of the command confirmed this month. US officials continue to study Russia's efforts to supplement its kinetic war in Ukraine with cyber operations.

According to Secureworks researchers, China has also trained hackers on targets related to the Ukraine war, observing suspected Chinese attempting to break into computers linked to officials in the Russian city of Blagoveshchensk, near the Chinese border.

Alleged Russian hacking incidents in Ukraine since the February invasion include a significant hack of a satellite operator, which knocked out internet service for tens of thousands of satellite modems as the invasion unfolded, and major waves of data-wiping hacks aimed at destabilising Ukrainian government agencies.

Ukrainian officials have also accused the Russians of routing internet traffic in occupied parts of Ukraine through Russian internet providers and subjecting those connections to censorship.

Some of those tactics "may form parts of China's playbook" in future attempts by Beijing to project power beyond its borders, Mieke Eoyang, deputy assistant secretary of defense for cyber policy told CNN at an event in Washington hosted by the think tank Third Way.

VIEW ALL

"The cyber dimensions of [what Russia is trying to do in Ukraine] are incredibly important to us, especially in the Defense Department, to understand what the playbook might be if another cyber-capable country were to attempt to do this," Eoyang added.

According to the Microsoft report, NATO, the 30-country military alliance that includes the US, Canada and European allies, has been a particular target for Russia's computer operatives.

After the US, NATO member Poland has also been a target for Russian hackers most in recent months, Microsoft researchers found, most likely due to being a hub for delivering humanitarian and military aid to Ukraine.

Prospective, and not just current, NATO members have had to keep their guard up for potential Russian cyber attacks. The governments of Sweden and Finland have been vigilant for Russian hacking before and after they announced their intention to join NATO in May.

The Kremlin has warned Sweden and Finland, which shares hundreds of miles of border with Russia, against joining NATO.

According to Johan Turell, a senior analyst in the cyber security department of the Swedish Civil Contingencies Agency, a government organisation that prepares for natural and man-made crises, Swedish officials have encouraged critical infrastructure operators to lower their thresholds for reporting suspicious cyber activity to authorities for months.

As Ukrainian President Volodymyr Zelensky spoke by video conference with the Finnish parliament on 8 April, a cyber attack briefly knocked Finland's ministries of foreign affairs and defense websites offline. The websites quickly came back online, and some digital forensics specialists have linked the hack, which did not cause any serious disruption, to Russia.

In an interview with CNN, Mikko Hyppönen, a prominent Finnish cyber security executive, "had no doubt that the attack was Russian", after reviewing technical evidence.

"We don't know if this was Russian patriotic hackers, or an entity linked more directly to [the] Russian government.

"If Russia is trying to scare us with these attacks, they are failing," Hyppönen said, who is chief research officer at cyber security firm WithSecure.

Moscow routinely denies hacking accusations, and the Russian Embassy in Washington has not yet to responded to questions regarding Microsoft's new findings published last week.

[Related: Google raises alarm on Italian spyware infiltrating Apple and Android phones]