Microsoft Highlights Russian Cyber Espionage on Ukraine’s Allies

A Person in a dark room working on two screens

Microsoft revealed on Wednesday that Russia has ramped up cyberattacks against countries supporting Ukraine since the start of the conflict.

In a detailed report, the Microsoft Threat Intelligence Center (MSTIC) said Russia has targeted 128 entities in 42 countries, and almost half of the targets are government agencies.

Attacks Aimed at Gathering Intelligence

According to Microsoft, the main purpose of Russia’s network intrusions was cyber espionage and gathering intelligence about the target governments’ support for Ukraine.

The Microsoft threat intelligence team found that 29 percent of the attacks were successful. The threat actors managed to exfiltrate their target’s data in about a quarter of the successful intrusions.

These findings are a key part of Microsoft’s efforts to shed light on Russia’s state-sponsored cyber activity against Ukraine amid the ongoing war.

Since February, Microsoft has published information about Russian cyber activities, including insights on coordinated military offensives and cyberattacks. These reports show that Russia’s cyberattacks are designed to undermine the Ukrainian government.

63% of Attacks Against NATO Members, U.S. Most Targeted

A majority of the attacks targeted organizations in NATO member states. And, outside of Ukraine, entities in the U.S. were most targeted. Some other countries that were targeted include Poland, Latvia, Lithuania, Denmark, Norway, Finland, and Sweden.

The report contains insightful statistics about the targeted entities. Government agencies accounted for a sizeable chunk of the targets (49 percent), while 20 percent were against entities in the IT sector. The other targets were critical infrastructure companies (19 percent), and NGOs such as think tanks and humanitarian groups (12 percent).

Propaganda Is a Weapon for Russia

Microsoft also shed some light on Russia’s propaganda machinery and its key targets. According to the report, Russia is spreading propaganda to four distinct audiences, namely people in Russia, people in Ukraine, U.S. and Western nations, and people from non-aligned countries. The aims of Russia’s propaganda machine differ based on the audience.

To achieve their propaganda goals, Russian cyber actors use techniques such as pre-positioning false narratives on the internet. Here, the actors drop false reports and stories surrounding the war on the web, where they can stay unnoticed. Over time, these stories come to the surface and seem to gain credibility.

“Agencies across the Russian government are targeting each audience in textbook fashion through cyber influence operations,” the report said. “These use some tactics that are like those Microsoft has long observed in other Russian cyber activities.”

Microsoft has taken a firm stance against Russia in the ongoing conflict. The company has significantly scaled down its operations in the country and has suspended sales of new products and services in Russia. Earlier this week, reports surfaced that people in Russia were unable to download Windows 10 and 11 ISOs and installation tools.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.