Russia is behind 58% of detected state-sponsored hacks
BOSTON (AP) – Russia accounted for most state-sponsored hacks detected by Microsoft over the past year, with a 58% share, mainly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European members of NATO, the company said.
The devastating effectiveness of the long-undetected SolarWinds hack – it mainly penetrated information technology companies, including Microsoft – also drove the success rate of Russian state-backed hackers to 32% over the course of the year ending June 30, compared to 21% in the previous 12 months.
China, meanwhile, accounted for less than one in ten state-sponsored hacking attempts that Microsoft detected, but succeeded 44% of the time in breaking into targeted networks, Microsoft said in its second annual report on digital defense, which covers July 2020 to June 2021.
While Russia's prolific state-sponsored hacking is well known, Microsoft’s report offers unusually precise details of how it stacks up against that of other American adversaries.
The report also cited ransomware attacks as a serious and growing scourge, with the United States by far the most targeted country, hit by more than triple the attacks of the second most targeted country. Ransomware attacks are criminal and financially motivated.
In contrast, state-sponsored hacking is primarily about intelligence gathering – whether for national security or a business or strategic advantage – and is therefore generally tolerated by governments, with US cyber operators among the most skilled. The report from Microsoft Corp., which works closely with government agencies in Washington, does not address US government hacking.
However, the SolarWinds hack embarrassed the US government so much that some lawmakers in Washington demanded some sort of retaliation. President Joe Biden has struggled to draw a red line as to what cyber activity is allowed. He issued vague warnings to President Vladimir Putin to get him to crack down on ransomware criminals, but several senior administration cybersecurity officials said this week they had seen no evidence of it.
Overall, nation-state hacking has a success rate of around 10-20%, said Cristin Goodwin, who heads Microsoft’s digital security unit, which focuses on nation-state actors. “It’s something that’s really important for us to try to stay ahead of the curve – and continue to bring down that compromised number – because the more it goes down, the better we do,” Goodwin said.
Goodwin finds China’s “geopolitical goals” in its recent cyber espionage to be particularly noteworthy, especially in targeting foreign ministries in Central and South American countries where it is making Belt and Road Initiative infrastructure investments, and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong. The results further refute as obsolete any misconception that the interests of Chinese cyber-spies are limited to the theft of intellectual property.
Russian hacking attempts increased by 52% in the period 2019-2020 as a percentage of global cyber intrusion attempts detected by the “nation-state notification service” that Microsoft uses to alert its customers. For the year ending June 30, North Korea was the second country of origin with 23%, up from less than 11% previously. China fell to 8% from 12%.
But the volume of attempts and the effectiveness are two different things. North Korea’s failure rate for spear phishing – targeting individuals, usually with spoofed emails – was 94% last year, Microsoft found.
Only 4% of all state-backed hacks that Microsoft detected were aimed at critical infrastructure, the Redmond, Washington-based company said, with Russian agents much less interested than Chinese or Iranian cyber operators.
After the discovery of the SolarWinds hack in December, the Russians returned to focus primarily on government agencies involved in foreign policy, defense and national security, followed by think tanks and then healthcare, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.
In the report, Microsoft said the recent increased efficiency of Russian state hackers “may portend more high-impact tradeoffs in the year to come.” Russian foreign intelligence agency SVR’s elite hacking team, better known as Cozy Bear, accounted for more than 92% of detected Russian activity.
Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for most of 2020 and the discovery of which greatly embarrassed Washington. Among the severely compromised US government agencies was the Justice Department, from which Russian cyber spies exfiltrated 80% of the email accounts used by US attorneys’ offices in New York.
Microsoft’s nation-state notifications, of which approximately 7,500 were issued worldwide during the reporting period, are by no means exhaustive. They only reflect what Microsoft detects.
Copyright 2021 The Associated Press. All rights reserved.