Russia responsible for over half of all state-sponsored hacking, Microsoft says

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Russia is responsible for over half of all state-sponsored hacking, vastly more than any other state, according to a new report from Microsoft.

Russian activity made up 52 per cent of all attacks between July 2019 and June 2020, the software giant’s Digital Defence Report states. 

It is followed by Iran, which makes up 25 per cent of the attacks monitored.

China is responsible for 12 per cent of attacks, while North Korea and other states make up the final 11 per cent.

The majority of their targets have been in the United States, which is targeted 69 per cent of the time. The United Kingdom is the next most popular victim, receiving 19 per cent of attacks, followed by Canada, South Kora, and Saudi Arabia.

While there has been much concern over recent years that countries’ criticial national infastructure – such as the national grid of financial services – could be targeted by hackers, Microsoft says that is not the most common target.

According to the software giant, 90 per cent of attacks from nation-states have been focused on “nongovernmental organisations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security.”

The company suggests that nation-states are hoping to influence government policy through subtler means, rather than targeting infrastructure directly.

Other motivations of the hackers, Microsoft says, include attacking areas that are criticial to the stability, prosperity, and survival of opposing countries.

“Microsoft observed 16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics,” Microsoft corporate VP Tom Burt said in a blog post about the report.

“These COVID-themed attacks targeted prominent governmental health care organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted.”

This includes using spear-phishing via Microsoft Word documents, and used unique credentials by imitating an American fast-food chain’s email about the coronavirus, as well as fake online coupons.

Google had tracked similar attacks, with state-sponsored campaign apparently targetting US government employees with offers of free fast food.

It was one of 18 million attempted scam messages per day related to Covid-19.

Hackers from China have been targeting medial institutions in the United States and Asia, attempting to steal proprietary information during the coronavirus pandemic, the report alleges.

As the coronavirus pandemic continues, hackers from Iran and South Korea have focused on global health institutions.

Recently, Russia was also accused of stealing secret research on coronavirus vaccines from UK labs, according to the NCSC. 

It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.

This form of attack is explicitly mentioned in Microsoft’s report, which states that the most common tactics of the hackers include gathering information, such as the passwords and addresses of email accounts, infecting systems with malware, and “consistently targeting and frequently compromising outdated and unpatched VPN infrastructure”.

This week, Russian President Vladimir Putin proposed a global non-aggression pact on cyberwarfare, suggesting that the United States and other countries should not make cybersecurity a “hostage of political disagreement”.

Microsoft had said last month that the Russian hacking group Strontium has attacked over 200 organizations including political campaigns, advocacy groups, parties and political consultants ahead of the presidential election in November.