Date: 2021-10-07



Government agencies accounted for more than half of the targets of Moscow-linked hacking groups in the year to June 2021, up from just 3% the year before, according to Microsoft. At the same time, the success rate of Russian intrusions against government and non-government targets rose from 21% to 32% year over year, the technology giant says in a report focusing on state-backed cyber criminal activity.

The report comes as the Biden administration has sought to strengthen the US government’s defenses against cyber espionage by Russia, and to publicly expose that activity to US allies. The European Union last month denounced alleged Russian hacking and leaking operations that the bloc said aimed to interfere in democracy.

But while the United States and its allies condemn Russian and Chinese behavior in cyberspace, those countries “are still at ease relying on nation-state attacks,” said Cristin Goodwin, chief adviser and head of Microsoft’s Digital Security Unit. “And we’re seeing that increase.”

The data includes the Russian espionage operation that breached at least nine US federal agencies in 2020 using software produced by SolarWinds, a Texas-based firm. CNN reported Wednesday that the same Russian group behind that activity has continued in recent months to try to breach American and European government organizations.

The Biden administration in April blamed Russia’s foreign intelligence service, the SVR, for that espionage campaign. Moscow has denied involvement in the hacking.

North Korea, Iran and China were the most active countries

Microsoft also reported Thursday that 58% of government-linked hacking attempts originated in Russia, followed by 23% from North Korea, 11% from Iran and 8% from China.

The data comes with caveats. A host of unsuccessful attempts to guess the passwords of target organizations, for example, count as separate hacking attempts. And Microsoft did not report on US intelligence agencies, which also conduct cyber espionage campaigns.

But with over one billion devices using Microsoft software worldwide, the technology provider has a broader picture of malicious cyber activity than most other organizations. And the data tells its own story. Cyber activity, for example, is often associated with broader geopolitical dynamics and tensions.

As Russia stepped up its troop presence along its border with Ukraine earlier this year, the same hacking group that carried out the SolarWinds breaches has heavily “target[ed] the interests of the Ukrainian government,” according to Microsoft. The number of Microsoft customers in Ukraine “influenced” by the Russian hacker group rose to 1,200 in the fiscal year ending in June, compared to only six a year earlier.

“Historically, nation-state attacks tend to follow where a geopolitical priority is for a country,” Goodwin told CNN.

Most of the public attention on alleged Russian cyber operations over the last year has gone to the group that compromised SolarWinds software. But there are a number of hacking teams available to Moscow that carry out various missions against valid targets in the US and allied countries, analysts say.
Some of those groups specialize in infiltrating critical infrastructure firms, both to gather information and, in some cases, possibly to gain a network foothold in the event of a conflict, according to some US officials and private sector experts.

Attacks on critical infrastructure

“The concern is the effort we have seen [Russian groups] actively use disruptive effects across the globe,” said Rob Joyce, head of the National Security Agency’s Cybersecurity Directorate, at the Aspen Cyber Summit last week. “And we have seen evidence of preparation against critical American infrastructure. So all things that cannot be tolerated and we must work against.”

One such group, known as Berserk Bear in the cybersecurity industry, has been linked to breaches of industrial software at US electric utilities that the Department of Homeland Security blamed on Russian government hackers in 2018.

The group, which some analysts have linked to Russia’s FSB intelligence agency, has for the past three years shown a steady appetite for collecting data held by critical infrastructure firms in the US, Ukraine and Western Europe. This includes breaches, in 2019 and 2020, respectively, of the websites of a major energy firm in Ukraine and San Francisco International Airport, according to Joe Slowik, a former US Navy cybersecurity specialist who now works at security firm Gigamon.

Over a decade of operations breaching critical infrastructure firms, Berserk Bear “has almost certainly facilitated significant intelligence gathering, capability development and the potential effects of pre-positioning on highly sensitive networks,” Slowik said in a paper that will be presented at the Virus Bulletin conference this week.

