But despite the US and its allies condemning Russian and Chinese behavior in cyberspace, those countries are “still comfortable with nation-state attacks,” said Kristin Goodwin, head of Microsoft’s digital security unit and associate general counsel. “And we’re seeing that increase.”
In April, the Biden administration blamed Russia’s foreign intelligence service, SVR, for that spying operation. Moscow has denied involvement in the hacking.
North Korea, Iran and China were the next most active countries
Microsoft also reported on Thursday that 58% of government-linked hacking attempts originated in Russia, followed by 23% from North Korea, 11% from Iran and 8% from China.
The data comes with warnings. A flurry of failed attempts to guess the passwords of target organizations, for example, counts as separate hacking attempts. And Microsoft did not report on US intelligence agencies, which also run cyber-espionage operations.
But with more than a billion devices using Microsoft software around the world, the technology provider has a broader view of malicious cyber activity than other organizations. And the figures tell their own story.
For example, cyber activity is often related to larger geopolitical dynamics and tensions.
While Russia increased its military presence along its border with Ukraine earlier this year, the same hacking group that perpetrated the SolarWinds breaches has “huge target[ed] interests of the Ukrainian government,” according to Microsoft. The number of Microsoft customers in Ukraine “impacted” by the Russian hacking group rose to 1,200 in the fiscal year ending June, compared to just six years earlier.
“Historically, nation-states follow the onslaught, where there is a geopolitical priority for a country,” Goodwin told Granthshala.
Google announced on Thursday that APT28, a Russian hacking group that interfered in the 2016 election, sent some 14,000 malicious emails to Gmail users around the world in late September. According to Google, the phishing targeted government personnel, journalists and defense firms, among others. American organizations were also among those targeted.
Shane Huntley, director of Google Threat Analysis Group, said all emails were classified as spam and were blocked by Gmail.
Much of the public’s attention over the past year to alleged Russian cyber operations has been on the group that spoofed SolarWinds software. But Moscow has a series of hacking teams that carry out various missions against valuable targets in the US and allied countries, analysts say.
According to some US officials and private sector experts, some of those groups specialize in infiltrating critical infrastructure firms, both to gather information and perhaps, in some cases, to gain a foothold in networks in the event of conflict.
Attacks on critical infrastructure
“The concern is that the effort we’ve seen [Russian groups] proactively exploit disruptive influences around the world,” Rob Joyce, head of the National Security Agency’s Cybersecurity Directorate, told the Aspen Cyber Summit last week. “And we’ve seen evidence of preponderance against America’s critical infrastructure. So, all the things that cannot be tolerated and we need to work against them.”
The group, which some analysts link to Russia’s FSB intelligence agency, has shown a steady appetite over the past three years to collect data held by critical infrastructure firms in the US, Ukraine and Western Europe.
According to Joe Slowik, a former cybersecurity specialist in the US Navy who now works at security firm Gigamon, the breaches involved the websites of Ukraine’s biggest energy firms and San Francisco’s International Airport in 2019 and 2020, respectively.
In a paper to be presented at the Virus Bulletin conference, Slowik said, “In a decade of operating critical infrastructure firms, Berserk Bear almost certainty critical intelligence, capacity development and potential impact pre-positions in highly sensitive networks.” facility is provided.” Week.
Credit : www.cnn.com