by Frank Bajak | The Associated Press
BOSTON – Russia has accounted for most of the state-sponsored hacking discovered by Microsoft in the past year, with a 58% share targeting government agencies and think tanks mostly in the United States, followed by Ukraine, the UK and European NATO members, the company said.
The devastating effectiveness of the long-known SolarWinds hack – it primarily breached information technology businesses including Microsoft – brought the success rate of Russian state-backed hackers to 32% in the year ended June 30, compared to 21% in the previous 12 months.
Meanwhile, China accounted for less than 1 in 10 of the state-backed hacking attempts Microsoft detected, but was 44% successful in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 to June 2021.
While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report provides unusually specific details of how it stacks up against that by other US adversaries.
The report also cited ransomware attacks as a serious and growing plague, with the United States being by far the most targeted nation, with more than three times the number of attacks as the next most targeted nation. Ransomware attacks are criminal and financially motivated.
In contrast, state-backed hacking is primarily about intelligence gathering – whether for national security or commercial or strategic gain – and is thus generally tolerated by governments, with US cyber operators the most skilled. The report by Microsoft Corp., which works closely with Washington government agencies, does not address US government hacking.
The SolarWinds hack was such an embarrassment to the US government, however, that some Washington lawmakers called for some sort of retaliation. President Joe Biden has had a hard time drawing a red line for what cyber activity is allowed. He has issued a vague warning to President Vladimir Putin on cracking down on ransomware criminals, but several top cybersecurity officials in the administration said this week that they saw no evidence of it.
Overall, nation-state hacking has a success rate of about 10%-20%, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which focuses on nation-state actors. “It’s something that’s really important for us to try to stay ahead — and keep reducing that compromise number — because the lower it is, the better we’re doing,” Goodwin said.
Goodwin found China’s “geopolitical targets” particularly noteworthy in its recent cyber espionage, which includes targeting foreign ministries in Central and South American countries where it is making Belt-and-Road Initiative infrastructure investments, and universities in Taiwan and Hong Kong, where there is resistance to Beijing’s regional ambitions. The findings further render obsolete any conventional wisdom that the interests of Chinese cyber spies are limited to intellectual property theft.
Russian hack attempts were up from 52% in the 2019-20 period as a share of the global cyber-infiltration bids discovered by the “nation-state notification service” that Microsoft employs to alert its customers. For the year ending June 30, North Korea was in second place as a country of origin with 23%, up from 11% previously. China fell from 12% to 8%.
But volume of effort and efficacy are different matters. North Korea’s failure rate on spear-phishing — targeting individuals, usually with booby-trapped emails — was 94% in the past year, Microsoft found.
Only 4% of all state-backed hacking that Microsoft detected targeted critical infrastructure, the Redmond, Washington-based company said, with Russian agents having little interest in it compared to Chinese or Iranian cyber-operatives.
After the discovery of the SolarWinds hack in December, the Russians transitioned back to focus on government agencies involved in foreign policy, defense and national security, followed by think tanks and then health care, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.
In the report, Microsoft said the recent greater efficacy of Russian state hackers “could portend more high-impact compromises in the coming year.” Accounting for more than 92% of known Russian activity was the elite hacking team at Russia’s SVR foreign intelligence agency known as Cozy Bear.
Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for much of 2020 and whose discovery deeply embarrassed Washington. Among the badly compromised US government agencies was the Justice Department, from which Russian cyber spies exfiltrated 80% of the email accounts used by US attorneys’ offices in New York.
Microsoft’s nation-state notifications, of which approximately 7,500 were issued globally in the period covered by the report, are by no means exhaustive. They only represent what Microsoft looks for.