Russian State-Sponsored Hackers Are Getting Better At Hacking Foreign Governments, Said Microsoft

27/10/2021

From espionage and stealing sensitive information to causing damage and crippling infrastructure and government agencies, none of it requires physical presence or face-to-face confrontation.

Using the internet as the medium, experienced hackers backed with enough resources can cause more damage to targets in a short timeframe than many field personnel ever could.

And this time, Microsoft said that state-sponsored cyber espionage missions backed by the Russian government are having greater success at breaching foreign government targets, especially those in the U.S.

In its report that focuses on state-backed and cybercriminal activities, the company said that government organizations accounted for more than 50% of all targets of Moscow-linked attacks in the year through June 2021, compared to just 3% the previous period.

The success rate of Russian intrusions into government and non-government targets has gone up year over year, the technology giant said.

Nation-state hacks, report from Microsoft
Credit: Microsoft

Microsoft publicized the report as Joe Biden's administration is planning to bolster the U.S. government's defenses against cyberattacks from foreign countries, and to share its findings with its allies.

The Biden administration has blamed Russia's foreign intelligence service, the SVR, for espionage.

Before that, the European Union had also alleged that Russian hacking and leaking operations were aimed at interfering in democracy.

While the U.S. and its allies are already condemning hack attacks from Russia and China, the two are "still comfortable leaning into nation-state attacks," said Cristin Goodwin, associate general counsel and head of Microsoft's Digital Security Unit.

"And we're seeing that increase."

Russian-backed hackers are said to have breached at least nine U.S. federal agencies in 2020 alone by exploiting software made by SolarWinds, a Texas-based firm. The same Russian hacking group was later blamed for continuing its activities and trying to breach a number of U.S. and EU government organizations.

Microsoft also said that Moscow has other campaigns that carry out different missions against valuable targets in the U.S. and its allies.

Some of those hacking groups specialize in infiltrating critical infrastructure firms, both to collect information and, in some cases, to create a strong foothold in networks in the event of a conflict, according to some U.S. officials and private sector experts.

Microsoft also reported that 58% of government-linked hacking attempts originated from Russia, followed by 23% from North Korea, 11% from Iran and 8% from China.

"Espionage more prevalent than destructive attacks.

The two main goals of nation state actors have not changed either. In the last year, espionage, and more specifically, intelligence collection, has been a far more common goal than destructive attacks. Iran has been the only nation state actor willing to regularly engage in destructive attacks, mostly against Israel. These cyberattacks happened within a political environment in which both countries were trading blows just short of military strikes, including attacks on one another’s cargo ships.

With tensions already so high, the decision to use cyber for destructive attacks was less of a strategic leap for Iran than it would have been for North Korea, Russia, or China. While nations other than Iran mostly refrained from destructive attacks, they did continue to compromise victims that would be prime candidates for destructive attacks if tensions increased to the point where governments made strategic decisions to escalate cyber warfare.

The 'Most targeted sectors' chart in this chapter section shows that nearly 80% of those targeted were either in government, NGOs, or think tanks.

Think tanks often serve as policy incubators and implementers, with strong ties to current and former government officials and programs. Threat actors can and do exploit the connections between the more traditional NGO community and government organizations to position themselves to gain insights into national policy plans and intentions.

As noted, it’s the think tanks with ideas relevant to current or future government policy or political objectives that put these organizations into the line of sight for intelligence operations."

And just like before, Moscow has denied any involvement in the hacking.

It should be noted that in the report, Microsoft didn't include unsuccessful hack attempts by U.S. adversaries, and didn't report any cyber-espionage done by the U.S.