Russia responsible for over half of all state-sponsored hacking, Microsoft says

Attacks focused on political groups, rather than national infrastructure, in an attempt to affect other governments’ policy

Adam Smith
Friday 02 October 2020 09:57 EDT
Vladimir Putin (Reuters)


Russia is responsible for over half of all state-sponsored hacking, vastly more than any other state, according to a new report from Microsoft.

Russian activity made up 52 per cent of all attacks between July 2019 and June 2020, the software giant’s Digital Defence Report states.

It is followed by Iran, which makes up 25 per cent of the attacks monitored.

China is responsible for 12 per cent of attacks, while North Korea and other states make up the final 11 per cent.

The majority of their targets have been in the United States, which is targeted 69 per cent of the time. The United Kingdom is the next most popular victim, receiving 19 per cent of attacks, followed by Canada, South Korea, and Saudi Arabia.

While there has been much concern over recent years that countries’ critical national infrastructure – such as the national grid or financial services – could be targeted by hackers, Microsoft says that is not the most common target.

According to the software giant, 90 per cent of attacks from nation-states have been focused on “nongovernmental organisations (NGOs), advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security.”

The company suggests that nation-states are hoping to influence government policy through subtler means, rather than targeting infrastructure directly.

Other motivations of the hackers, Microsoft says, include attacking areas that are critical to the stability, prosperity, and survival of opposing countries.

“Microsoft observed 16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics,” Microsoft corporate VP Tom Burt said in a blog post about the report.

“These COVID-themed attacks targeted prominent governmental health care organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted.”

This includes spear-phishing via Microsoft Word documents, and the use of unique credentials by imitating an American fast-food chain’s email about the coronavirus, as well as fake online coupons.

Google had tracked similar attacks, with a state-sponsored campaign apparently targeting US government employees with offers of free fast food.

It was one of 18 million attempted scam messages per day related to Covid-19.

Hackers from China have been targeting medical institutions in the United States and Asia, attempting to steal proprietary information during the coronavirus pandemic, the report alleges.

As the coronavirus pandemic continues, hackers from Iran and South Korea have focused on global health institutions.

Recently, Russia was also accused of stealing secret research on coronavirus vaccines from UK labs, according to the NCSC. 

It is believed that vaccine research facilities at Oxford University and Imperial College London are among institutions targeted by the hackers, who are thought to operate by exploiting weaknesses in VPN and external mail services used by researchers.

This form of attack is explicitly mentioned in Microsoft’s report, which states that the most common tactics of the hackers include gathering information, such as the passwords and addresses of email accounts, infecting systems with malware, and “consistently targeting and frequently compromising outdated and unpatched VPN infrastructure”.

This week, Russian President Vladimir Putin proposed a global non-aggression pact on cyberwarfare, suggesting that the United States and other countries should not make cybersecurity a “hostage of political disagreement”.

Microsoft had said last month that the Russian hacking group Strontium has attacked over 200 organizations including political campaigns, advocacy groups, parties and political consultants ahead of the presidential election in November.
