American organizations were the top target of the Russian hacking attempts outside of Ukraine, according to Microsoft, but the alleged Russian hacking has spanned 42 countries, and a range of sectors that might have valuable information related to the war, from governments to think tanks to humanitarian groups.
It’s a reminder of the voracious appetite that Russian cyber operatives have for strategic information as the Kremlin is more isolated on the international stage than it has been for decades.
Those hacking attempts have successfully penetrated defenses 29% of the time, according to Microsoft. Of those successful breaches, a quarter resulted in data stolen from networks.
But measuring the “success” of Russian cyber-espionage is difficult, and Microsoft said it didn’t have a full view of the hacking because some customers stored data on their own systems rather than in Microsoft’s cloud computing infrastructure.
CNN has reached out to the Russian Embassy in Washington for comment. Moscow routinely denies hacking accusations.
Various governments have likely stepped up their offensive cyber activities related to the Ukraine war as they search for insights on the fighting and the global fallout from it.
Cyber Command, the US military’s hacking unit, has conducted a “full spectrum” of offensive, defensive and information operations in support of Ukraine, the head of the command confirmed this month.
US officials continue to study Russia’s efforts to supplement its kinetic war in Ukraine with cyber operations.
Significant alleged Russian hacking incidents in Ukraine since the February invasion include a hack of a satellite operator, which knocked out internet service for tens of thousands of satellite modems as the invasion unfolded, and waves of data-wiping hacks aimed at destabilizing Ukrainian government agencies.
Ukrainian officials have also accused the Russians of routing internet traffic in occupied parts of Ukraine through Russian internet providers and subjecting those connections to censorship.
Some of those tactics “may form parts of China’s playbook” in future attempts by Beijing to project power beyond its borders, according to Mieke Eoyang, deputy assistant secretary of defense for cyber policy.
“The cyber dimensions of [what Russia is trying to do in Ukraine] are incredibly important to us, especially in the Defense Department, to understand what the playbook might be if another cyber-capable country were to attempt to do this,” Eoyang said Tuesday at an event in Washington hosted by the think tank Third Way.
NATO members a focus for Russian hackers
NATO, the 30-country military alliance that includes the US, Canada and European allies, has been a particular target for Russia’s computer operatives, according to the Microsoft report.
After the US, Poland — a hub for delivering humanitarian and military aid to Ukraine — was the NATO member targeted the most by Russian hackers in recent months, Microsoft researchers found.
Prospective, and not just current, NATO members have had to keep their guard up for potential Russian cyberattacks. The governments of Sweden and Finland have been vigilant for Russian hacking before and after they announced their intention to join NATO in May.
Swedish officials for months have encouraged critical infrastructure operators to lower their thresholds for reporting suspicious cyber activity to authorities, said Johan Turell, a senior analyst in the cybersecurity department of the Swedish Civil Contingencies Agency, a government organization that prepares for natural and man-made crises.
The Kremlin has warned Sweden and Finland, which shares hundreds of miles of border with Russia, against joining NATO.
As Ukrainian President Volodymyr Zelensky spoke by video conference with the Finnish parliament on April 8, a cyberattack briefly knocked offline the websites of Finland’s ministries of foreign affairs and defense. The websites quickly came back online. Some digital forensics specialists linked the hack, which did not cause any serious disruption, to Russia.
“We don’t know if this was Russian patriotic hackers or an entity linked more directly to [the] Russian government,” Mikko Hyppönen, a prominent Finnish cybersecurity executive, told CNN. “But I have no doubt that the attack was Russian,” he said after reviewing the technical evidence.
“If Russia is trying to scare us with these attacks, they are failing,” said Hyppönen, who is chief research officer at cybersecurity firm WithSecure.
This story has been updated with additional details.