Russia Increased Cyber Espionage Against Countries Supporting Ukraine, Microsoft Says

The U.S. saw the most of any country outside Ukraine, accounting for 12% of the global total since the war in Ukraine began, the tech company said.

“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up their network penetration and espionage activities targeting governments outside Ukraine,” the report said. “This increase appears to be most focused on obtaining information from inside the governments that are playing critical roles in the West’s response to the war.”

Senior Biden administration officials warned before Russia’s invasion of Ukraine that Moscow was likely to take aim at the U.S. with cyberattacks, though catastrophic attacks on critical infrastructure have either not taken place or been unsuccessful thus far.

Microsoft didn’t provide data to compare the recent flurry of alleged Russian cyber operations with what the company’s threat intelligence team normally observes, but described it generally as an increase in activity. Because Microsoft products are so widely used across the globe, the company has unique visibility into the actions of various hacking groups.

The Russian Embassy in Washington didn’t immediately respond to a request for comment. Moscow has routinely denied allegations of cyberattacks against other countries and said it has been victimized recently by cyberattacks launched by Western powers.

Since the war began Feb. 24, Microsoft said it had detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine, which cyber firms and the Ukrainian government have said has also suffered a regular onslaught of Russian cyberattacks. Many of the alleged Russian attacks were unsuccessful and smaller in scale than what many experts initially anticipated. Microsoft said in April that half a dozen hacking groups linked to the Russian government had attempted hundreds of cyberattacks in Ukraine since Russia’s invasion, including dozens intended to destroy computer systems.

Overall, 63% of the global tally of Russia-linked attacks were against NATO members, Microsoft said, and those geographically closest to Ukraine have sustained the most attacks, with Poland enduring more than any other in the region. The targets have included Baltic countries, and during the past two months Microsoft said it had seen an increase in activity against computer networks in Denmark, Norway, Finland, Sweden and Turkey, as well as the targeting of foreign ministries in other countries that are part of NATO.

So far just under a third of the alleged cyber-espionage attacks successfully compromised the targets, Microsoft said, and at least a quarter of those successes have led to confirmed theft of data.

Russia has also increased its use of cyber-enabled influence operations against both domestic and international audiences in an attempt to boost its war goals, efforts that have included the deliberate spread of false narratives intended to undermine Western unity with Ukraine, Microsoft said.

Write to Dustin Volz at [email protected]

The U.S. saw the most of any country outside Ukraine, accounting for 12% of the global total since the war in Ukraine began, the tech company said.

“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up their network penetration and espionage activities targeting governments outside Ukraine,” the report said. “This increase appears to be most focused on obtaining information from inside the governments that are playing critical roles in the West’s response to the war.”

Senior Biden administration officials warned before Russia’s invasion of Ukraine that Moscow was likely to take aim at the U.S. with cyberattacks, though catastrophic attacks on critical infrastructure have either not taken place or been unsuccessful thus far.

Microsoft didn’t provide data to compare the recent flurry of alleged Russian cyber operations with what the company’s threat intelligence team normally observes, but described it generally as an increase in activity. Because Microsoft products are so widely used across the globe, the company has unique visibility into the actions of various hacking groups.

The Russian Embassy in Washington didn’t immediately respond to a request for comment. Moscow has routinely denied allegations of cyberattacks against other countries and said it has been victimized recently by cyberattacks launched by Western powers.

Since the war began Feb. 24, Microsoft said it had detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine, which cyber firms and the Ukrainian government have said has also suffered a regular onslaught of Russian cyberattacks. Many of the alleged Russian attacks were unsuccessful and smaller in scale than what many experts initially anticipated. Microsoft said in April that half a dozen hacking groups linked to the Russian government had attempted hundreds of cyberattacks in Ukraine since Russia’s invasion, including dozens intended to destroy computer systems.

Overall, 63% of the global tally of Russia-linked attacks were against NATO members, Microsoft said, and those geographically closest to Ukraine have sustained the most attacks, with Poland enduring more than any other in the region. The targets have included Baltic countries, and during the past two months Microsoft said it had seen an increase in activity against computer networks in Denmark, Norway, Finland, Sweden and Turkey, as well as the targeting of foreign ministries in other countries that are part of NATO.

So far just under a third of the alleged cyber-espionage attacks successfully compromised the targets, Microsoft said, and at least a quarter of those successes have led to confirmed theft of data.

Russia has also increased its use of cyber-enabled influence operations against both domestic and international audiences in an attempt to boost its war goals, efforts that have included the deliberate spread of false narratives intended to undermine Western unity with Ukraine, Microsoft said.

Write to Dustin Volz at [email protected]