State-backed Russian hackers have ramped up cyberattacks against allies of Ukraine in recent months, targeting over 100 governments, businesses, humanitarian groups and more in dozens of countries around the world, according to a new report released by Microsoft on Wednesday.
Microsoft President Brad Smith wrote in the report entitled “Defending Ukraine: Early Lessons from the Cyber War” that the company has detected Russian espionage and network penetration efforts targeting 128 organizations in 42 countries, and while the United States has been the primary target, Poland has also been prioritized due to the large amount of “military and humanitarian assistance” being coordinated in the country.
Russia’s focus has largely been on governments, but Microsoft said other targets include “think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers.”
Smith said Russia’s efforts have a 29 percent success rate, with nearly a quarter of successful intrusions leading to “confirmed exfiltration of an organization’s data.” Microsoft noted that the data “likely understates the degree of Russian success.”
The cyber activities have helped Russian agencies to conduct “global cyber-influence operations to support their war efforts.”
“These combine tactics developed by the KGB over several decades with new digital technologies and the internet to give foreign influence operations a broader geographic reach, higher volume, more precise targeting, and greater speed and agility,” Smith warned. “Unfortunately, with sufficient planning and sophistication, these cyber-influence operations are well positioned to take advantage of the longstanding openness of democratic societies and the public polarization that is characteristic of current times.”
Smith said Russia’s influence campaign has multiple targets, including the Russian people in an effort to sustain “support for the war effort” and the Ukrainian population to undermine “confidence in the country’s willingness and ability to withstand Russian attacks.”
Russia is also working to influence American and European populations to weaken “Western unity” and deflect “criticism of Russian military war crimes.”
In the report, Microsoft praised the recently updated Code of Practice on Disinformation, a global agreement to “tackle this growing challenge” of online misinformation. Microsoft said it was one of more than 30 online platforms, advertisers, and publishers that signed on to the agreement.
Microsoft’s report argued that deterrence is a key component of the response to Russia’s cyberattacks, but asserted that “we cannot expect nations to change behavior if there is no accountability for violating international rules. Such accountability is uniquely a governmental responsibility.”
Instead, “multilateral and multistakeholder action” – like agreeing to tackle misinformation – “can bring together the governments and public among democratic nations.”
“Governments can then build on these norms and laws to advance the accountability the world’s democracies need and deserve,” the report concluded.