Russia behind 58% of state-backed hacks, Microsoft claims

Nation-state hacking has about a 10-20 per cent success rate, says Microsoft’s head of Digital Security

Anthony Cuthbertson
Thursday 07 October 2021 12:37 EDT
Comments
Research from Microsoft in October 2021 revealed Russia is behind nearly two thirds of all state-backed hacks
Research from Microsoft in October 2021 revealed Russia is behind nearly two thirds of all state-backed hacks (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Russia was behind 58 per cent of all state-backed cyber attacks carried out over the past year on Western targets, according to new research conducted by Microsoft.

Prominent targets reportedly included government agencies and think tanks in the US, UK, Ukraine, as well as European Nato members.

The devastating effectiveness of the long-undetected SolarWinds hack - it mainly breached information technology businesses including Microsoft - also boosted Russian state-backed hackers’ success rate to 32 per cent in the year ending 30 June, compared with 21 per cent in the preceding 12 months.

China, meanwhile, accounted for fewer than one in 10 of the state-backed hacking attempts Microsoft detected but was successful 44 per cent of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defence Report, which covers July 2020 to June 2021.

While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report offers unusually specific detail on how it stacks up against that by other US adversaries.

The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation.

Ransomware attacks are criminal and financially motivated, typically demanding a sum of cryptocurrency in exchange for returning access controls to a computer system.

By contrast, state-backed hacking is chiefly about intelligence gathering - whether for national security or commercial or strategic advantage - and thus generally tolerated by governments, with US cyber operators among the most skilled.

The report by Microsoft, which works closely with Washington government agencies, does not address US government hacking.

The SolarWinds hack was such an embarrassment to the US government, however, that some Washington legislators demanded some sort of retaliation.

President Joe Biden has had a difficult time drawing a red line for what cyberactivity is permissible.

He has issued vague warnings to President Vladimir Putin to get him to crack down on ransomware criminals, but several top administration cybersecurity officials said this week that they have seen no evidence of that.

Overall, nation-state hacking has about a 10-20 per cent success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which is focused on nation-state actors.

“It’s something that’s really important for us to try to stay ahead of - and keep driving that compromised number down - because the lower it gets, the better we’re doing,” Ms Goodwin said.

Ms Goodwin finds China’s “geopolitical goals” in its recent cyberespionage especially notable, including targeting foreign ministries in Central and South American countries where it is making Belt and Road Initiative infrastructure investments and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong.

The findings further belie as obsolete any conventional wisdom that Chinese cyber spies’ interests are limited to pilfering intellectual property.

Russian hack attempts were up from 52 per cent in the 2019-20 period as a share of global cyber-intrusion bids detected by the “nation-state notification service” that Microsoft employs to alert its customers.

For the year ending June 30, North Korea was second as country of origin at 23 per cent, up from less than 11 per cent previously.

China dipped to 8 per cent from 12 per cent, but attempt volume and efficacy are different matters.

North Korea’s failure rate on spear-phishing - targeting individuals, usually with booby-trapped emails - was 94 per cent in the past year, Microsoft found.

Only 4 per cent of all state-backed hacking that Microsoft detected targeted critical infrastructure, the company said, with Russian agents far less interested in it than Chinese or Iranian cyber-operatives.

After the SolarWinds hack was discovered in December, the Russians transitioned back to focus mostly on government agencies involved in foreign policy, defence and national security, followed by think tanks then healthcare, where they targeted organisations developing and testing Covid-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.

In the report, Microsoft said Russian state hackers’ recent greater efficacy “could portend more high-impact compromises in the year ahead”.

Accounting for more than 92 per cent of the detected Russian activity was the elite hacking team in Russia’s SVR foreign intelligence agency best known as Cozy Bear.

Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for most of 2020 and whose discovery badly embarrassed Washington.

Among badly compromised US government agencies was the Department of Justice, from which the Russian cyber spies exfiltrated 80% of the email accounts used by the US attorneys’ offices in New York.

Microsoft’s nation-state notifications, of which about 7,500 were issued globally in the period covered by the report, are by no means exhaustive, and only reflect what Microsoft was able to detect.

Additional reporting from agencies.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in