
Russia behind 58% of state-backed hacks detected by Microsoft


Most targets were government agencies, and the shocking part is that Russia, not China as previously thought, is the main aggressor in computer hacking. China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected. The Associated Press has the story:

The Microsoft report cited ransomware attacks as a serious and growing plague, with the United States as the main target

BOSTON (AP) — Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.

FILE – In this Nov. 10, 2016, file photo, people walk past a Microsoft office in New York. Microsoft on Oct. 7, 2021, says Russia once again accounted for most state-sponsored hacking, with a 58% share of intrusion attempts it detected in the past year. The targets were mostly government agencies — in the United States, followed by Ukraine, Britain and European NATO members. (AP Photo/Swayne B. Hall, File)

The devastating effectiveness of the long-undetected SolarWinds hack — it mainly breached information technology businesses including Microsoft — also boosted Russian state-backed hackers’ success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months.

China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021.

While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report offers unusually specific detail on how it stacks up against that by other U.S. adversaries.

The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation. Ransomware attacks are criminal and financially motivated.

Bill Gates is the founder of Microsoft.

By contrast, state-backed hacking is chiefly about intelligence gathering — whether for national security or commercial or strategic advantage — and thus generally tolerated by governments, with U.S. cyber operators among the most skilled. The report by Microsoft Corp., which works closely with Washington government agencies, does not address U.S. government hacking.

The SolarWinds hack was such an embarrassment to the U.S. government, however, that some Washington lawmakers demanded some sort of retaliation. President Joe Biden has had a difficult time drawing a red line for what cyberactivity is permissible. He has issued vague warnings to President Vladimir Putin to get him to crack down on ransomware criminals, but several top administration cybersecurity officials said this week that they have seen no evidence of that.

Russian President Vladimir Putin attends his annual live call-in show in Moscow, Russia, Wednesday, June 30, 2021. Speaking in a live call-in program Wednesday, Vladimir Putin has voiced hope that the country could avoid a nationwide lockdown amid a surge of new infections. (Sergei Savostyanov, Sputnik, Kremlin Pool Photo via AP)

Overall, nation-state hacking has about a 10%-20% success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which is focused on nation-state actors. “It’s something that’s really important for us to try to stay ahead of — and keep driving that compromised number down — because the lower it gets, the better we’re doing,” Goodwin said.

Goodwin finds China’s “geopolitical goals” in its recent cyberespionage especially notable, including targeting foreign ministries in Central and South American countries where it is making Belt-and-Road-Initiative infrastructure investments and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong. The findings further belie as obsolete any conventional wisdom that Chinese cyber spies’ interests are limited to pilfering intellectual property.

FILE – This May 4, 2021 file photo shows a sign outside the Robert F. Kennedy Department of Justice building in Washington. The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Department of Justice said Friday, July 30, 2021. (AP Photo/Patrick Semansky, File)

Russian hack attempts were up from 52% in the 2019-20 period as a share of global cyber-intrusion bids detected by the “nation-state notification service” that Microsoft employs to alert its customers. For the year ending June 30, North Korea was second as country of origin at 23%, up from less than 11% previously. China dipped to 8% from 12%.

But attempt volume and efficacy are different matters. North Korea’s failure rate on spear-phishing — targeting individuals, usually with booby-trapped emails — was 94% in the past year, Microsoft found.

Only 4% of all state-backed hacking that Microsoft detected targeted critical infrastructure, the Redmond, Washington-based company said, with Russian agents far less interested in it than Chinese or Iranian cyber-operatives.

This May 6, 2021 photo shows a sign for Microsoft offices in New York. Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year. That’s according to congressional testimony being given Wednesday, June 30, by a senior executive at the technology company. (AP Photo/Mark Lennihan)

After the SolarWinds hack was discovered in December, the Russians transitioned back to focus mostly on government agencies involved in foreign policy, defense and national security, followed by think tanks then health care, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.

In the report, Microsoft said Russian state hackers’ recent greater efficacy “could portend more high-impact compromises in the year ahead.” Accounting for more than 92% of the detected Russian activity was the elite hacking team in Russia’s SVR foreign intelligence agency best known as Cozy Bear.

Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for most of 2020 and whose discovery badly embarrassed Washington. Among badly compromised U.S. government agencies was the Department of Justice, from which the Russian cyber spies exfiltrated 80% of the email accounts used by the U.S. attorneys’ offices in New York.

Microsoft’s nation-state notifications, of which about 7,500 were issued globally in the period covered by the report, are by no means exhaustive. They only reflect what Microsoft detects.

By FRANK BAJAK
