Most of the state-sponsored hacking Microsoft detected over the past year came from Russia, with a 58% share. It mostly targeted government agencies and think tanks in the United States. The UK, Ukraine and European NATO members were next, according to the company.
The long-undetected SolarWinds hack, which primarily hit information technology businesses such as Microsoft, proved to be a devastating success. It also increased the Russian state-backed hackers’ success rate to 32% for the year ended June 30, compared to 21% in the previous 12 months.
China was responsible for less than 1/10 of all state-backed hacking attempts Microsoft detected, but Microsoft claimed that 44% of those attempts were successful in breaching targeted networks. This is according to Microsoft’s second annual Digital Defense Report. It covers July 2020 through June 2021.
Although Russia’s state-sponsored hacking is well-known, Microsoft’s report provides unusually detailed information about how it compares to other U.S. adversaries.
Ransomware attacks were also mentioned in the report as a growing and serious problem. The United States is the most targeted country, having been hit by more attacks than the next-most targeted nation. Ransomware attacks are financially motivated and criminal.
State-backed hacking, on the other hand, is primarily about intelligence gathering, whether for national security, commercial, or strategic advantage. It is generally accepted by governments, with U.S. cyber operations among the most skilled. The report by Microsoft Corp., which is closely associated with Washington government agencies, does not address hacking by the U.S. government.
The SolarWinds hack was so embarrassing for the U.S. government that some Washington lawmakers demanded retaliation. President Joe Biden has struggled to define what cyberactivity is allowed. Although he has made vague threats to President Vladimir Putin in an attempt to get him to crack down on ransomware criminals, cybersecurity officials within the administration said this week that they have not seen any evidence.
Cristin Goodwin heads Microsoft’s Digital Security Unit, which focuses on nation-state actors. Nation-state hacking is estimated to have a success rate of between 10% and 20%. Goodwin stated that it was important to keep an eye on the situation and drive the compromised number down. The lower it goes, she said, the better we are doing.
Goodwin finds China’s “geopolitical goals” in its recent cyberespionage especially notable, including targeting foreign ministries in Central and South American countries where it is making Belt-and-Road-Initiative infrastructure investments and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong. These findings also disprove any notion that Chinese cyberspies are only interested in stealing intellectual property.
Russian hack attempts increased from 52% to 23% in the 2019-20 period. This reflects a larger share of the global cyber-intrusion bids detected by the “nation state notification service” that Microsoft uses to alert its customers. North Korea was the country of origin for 23% in the year ended June 30, up from 11% in previous years. China dropped to 8% from 12%.
However, the volume of attempts and their success rate are not the same. Microsoft discovered that North Korea’s success rate in spear-phishing, which targets individuals with booby-trapped emails, was 94% over the past year.
Microsoft found that only 4% of state-backed hacking was targeted at critical infrastructure. The Redmond, Washington-based company said Russian agents were less interested in it than Iranian or Chinese cyber-operatives.
The Russians began to focus on the Russian government agencies that are involved in defense and foreign policy. They then targeted think tanks, and health care organizations that were responsible for testing and developing COVID-19 vaccines in the United States, Australia and Canada.
Microsoft stated in the report that Russian state hackers’ increased efficacy in recent years “could portend greater high-impact compromises over the year ahead.” The elite hacking group in Russia’s SVR foreign intelligence agency, better known as Cozy Bear, was responsible for 92% of all detected Russian activity.
Cozy Bear, which Microsoft calls Nobelium, was responsible for the SolarWinds hack. It went unnoticed for most of 2020, and its discovery severely embarrassed Washington. The Department of Justice was one of the most compromised U.S. government agencies. Russian cyber spies stole 80% of the email accounts used in New York by U.S. Attorneys’ offices.
The report covers approximately 7,500 Microsoft nation-state notifications. This is not an exhaustive list. These notifications only reflect what Microsoft has detected.