Russia has been ramping up its cyberespionage operations in 2023, according to a new Microsoft intelligence report looking at Russia’s hybrid warfare in Ukraine.
Russia has launched many disruptive cyberattacks against Ukraine, including DDoS attacks and wiper attacks, and has intensified its disinformation campaigns. Since the start of the conflict, Moscow-backed hackers have deployed at least two ransomware and nine wiper families against more than 100 organizations.
However, Ukraine is not the only country targeted by Russian state-sponsored cyber actors since the start of the war, particularly when it comes to cyber espionage operations.
A report released Wednesday by Microsoft’s threat intelligence unit shows that at least 17 European countries have been targeted by spying campaigns in the first months of 2023, and 74 countries have been targeted since the start of the war.
Of these 74 countries (the list does not include Ukraine), Microsoft saw the highest percentage of attacks aimed at the United States (21%), followed by Poland (10%) and the United Kingdom (9%).
“EU and NATO member states, especially on the eastern flank, dominate the top 10 most attacked countries by the number of recorded threat events. However, Russian threat actors conducted activities ranging from reconnaissance to data exfiltration in organizations around the world, in Africa, Asia, Latin America, and the Middle East,” Microsoft explained.
Unsurprisingly, the government sector was the most targeted, followed by IT/communications and think tanks/NGOs.
While most of the attacks were part of espionage operations, Microsoft warned that state-sponsored threat actors “have already shown a willingness to use destructive tools outside Ukraine if ordered.”
The Microsoft report highlights three trends related to Russia’s tactics: disguising destructive attacks as ransomware; the use of various methods for initial access, including pirated software, vulnerability exploitation, and supply chain attacks; and the use of real and fake hacktivists for power projection.
The Microsoft report was published on the same day the tech giant revealed that a Russian threat group has been exploiting an Outlook zero-day vulnerability in attacks targeting the government, transportation, energy and military sectors in Europe.