Beijing-backed hackers sparked a crisis this year after Exchange email servers had been hacked through vulnerabilities Microsoft didn’t know about. Microsoft emphasizes, however, that Russian hackers are far more productive than those from China or any other nation.
“Last year, 58% of all nation-state cyberattacks observed by Microsoft came from Russia,” said Tom Burt, corporate vice president of Microsoft, in a blog post on Microsoft’s Digital Defense Report, in which he describes last year’s government-sponsored hacker attacks in detail.
According to the 130-page Microsoft Digital Defense Report, the US was the target of 46% of state-directed cyberattacks. Germany, at three percent, is also among the most frequently targeted countries.
The United States and the United Kingdom blamed the Russian Foreign Intelligence Service (SVR) for the massive attack on the software supply chain of the US corporate software provider SolarWinds. Approximately 18,000 customers received a malicious software update for the vendor’s Orion network management software that contained the Sunburst backdoor. About 100 US customers were then attacked, including leading technology companies and US government agencies.
Burt warned that the past year had shown that the Kremlin-backed hackers were “becoming more effective” as their attacks were increasingly successful and fueled by espionage and intelligence campaigns. Many attacks attributed to Russia have targeted virtual private network (VPN) software in companies.
“Russian nation-state actors are increasingly targeting government agencies to gather information, which has increased from 3% a year ago to 53% – mostly agencies related to foreign policy, national security or defense,” he said. Russia’s hacker attacks are primarily politically motivated, with the US, Ukraine and the UK being the top targets, according to Microsoft.
But other usual suspects also appear in Microsoft’s Digital Defense Report 2021, including Iran and North Korea. A new addition is Turkey, which has developed a preference for Trojans.
It is striking that the work of Israeli cyber teams is not mentioned in Microsoft’s report. The NSO Group is based in Israel and is notorious for its iPhone exploits. The activities of other Western intelligence services are also discreetly left out.
Russian state hacking has mainly focused on Ukraine. Meanwhile, Israel was increasingly attacked by Iranian hackers. “The Russia-based hacker group NOBELIUM increased the number of Ukrainian victims from six last year to more than 1,200 this year by targeting the interests of the Ukrainian government,” Microsoft said in its Digital Defense Report.
“This year, the number of attacks on Israeli facilities has almost quadrupled, solely due to Iranian actors focusing on Israel as tensions between the adversaries escalated dramatically.”
The public entities under attack by hackers are mostly “foreign ministries and other global government bodies involved in international affairs,” according to Microsoft, while phishing attacks aimed at intercepting credentials target both consumer and company accounts.
Russian hackers have developed attacks on supply chains for the past decade. The biggest attack on the supply chain before SolarWinds was NotPetya in 2017, which spread via a little-known Ukrainian accounting software package, causing industrial groups to lose billions.
Software supply chain attacks work because they are carried out through updates from trusted software vendors, including security companies. SolarWinds may not be a household name, but it’s a big name in corporate IT.
Now almost all of the major US cybersecurity companies support US President Joe Biden’s cybersecurity regulation, which promotes the idea that even trusted networks cannot be trusted.
However, the real change in the targets chosen by Russian hackers concerns critical infrastructure. Biden reportedly told Russian President Vladimir Putin that critical infrastructure should be “off-limits”, although this is a delicate position for the US, since the world’s most skilled hackers are known to work at the National Security Agency, which developed Stuxnet to attack Iran’s uranium enrichment facilities. Microsoft’s top executives have previously criticized the National Security Agency (NSA) for hoarding zero-day exploits.
“From July 2020 to June 2021, critical infrastructure was not the focus of the NSN information tracked. China-based threat actors showed the greatest interest in these targets, while Russia-based threat actors were the least likely to target critical infrastructure facilities,” the Microsoft report said.
“The Russian NOBELIUM’s cyber operations are a perfect example of how Russia is more interested in gaining access and gathering intelligence than targeting critical infrastructures for potential disruptions.”