Russian hackers targeting U.S., other Ukraine allies

Maggie Miller
·3 min read

Russian intelligence agencies have been hacking into scores of organizations in the U.S. and other Ukraine-allied countries, according to a Microsoft report that shows Russia waging a global cyberwar alongside its attacks in Ukraine.

In the report released Wednesday, Microsoft said that Russian hackers have attempted to infiltrate networks at more than 100 organizations in the U.S. and dozens across 42 other countries since Russia invaded Ukraine in February. Targets have included the foreign ministries of NATO states, humanitarian organizations, think tanks, IT groups and energy suppliers.

The hackers successfully infiltrated these networks in almost 30 percent of the attempts, and managed to steal data in about a quarter of those instances.

The report illustrates the global breadth and reach of the Russian cyber campaign being waged to try to dissuade Ukraine’s allies from providing aid or to disrupt their operations. The volume of attempted hacks is also significantly higher than previously reported.

“The destructive cyberattacks have been underreported because in a way, they are invisible to the naked eye, you only know they happen when they succeed,” Microsoft President Brad Smith said during remarks at the Ronald Reagan Presidential Foundation and Institute. “But what we see from our perspective at the Microsoft Threat Intelligence Center and the literally 24 trillion signals a day is that it has been a formidable, intensive, even ferocious set of attacks.”

The U.S. has been the main target, but Russian hackers have also directed attacks at Polish groups helping deliver humanitarian aid to Ukraine, along with organizations in Baltic nations and Turkey.

Ukraine has also been widely targeted. Microsoft found evidence that the Russian military conducted cyberattacks against 48 Ukrainian government agencies and other organizations, though Ukraine has been able to successfully repel most of these attacks. These have included cyberattacks coordinated with missile strikes on railroads and other transportation systems, and an attempt to breach the network of the nuclear power company in Zaporizhzhia, Ukraine in early March — the day before it was occupied by Russian troops.

 Ukraine has suffered a slew of cyberattacks in the runup to the Russian invasion and during the fighting. Just prior to the Russian invasion, Ukrainian banking and government websites were temporarily taken offline by hackers who overwhelmed the networks with traffic in so-called distributed denial of service attacks.

Last month, the U.S., the United Kingdom and the European Union formally blamed Russia for a cyberattack in February that took out a major Ukrainian satellite provider, and Ukrainian officials said in April that the country had repelled a Russian cyberattack on its energy sector that would have knocked out power for millions of Ukrainians. And in May, Ukrainian authorities accused Russia of trying to cause a “humanitarian disaster” in the country through aiming cyberattacks against humanitarian operations.

Russian influence operations have also come to the forefront during the ongoing conflict. Microsoft reported that Russian disinformation operations are concentrated on domestic audiences to help maintain support for the war, the Ukrainian population to undermine morale, and American and European countries to undermine unity.

The disinformation is also aimed at what Microsoft described as “nonaligned countries,” including through attempting to blame Western nations for global food shortages resulting from the invasion of Ukraine.

These findings line up with what Ukrainian officials are seeing. A delegation of Ukrainian members of Parliament told POLITICO earlier this week that Russia is behind efforts to create narratives on social media platforms in Asian and African countries accusing Ukraine of holding back grain from African countries.