Microsoft has revealed that state-sponsored hackers linked to Russia targeted at least 17 European nations between January and mid-February 2023.
According to the tech giant’s report, the hackers have targeted 74 countries since the start of the invasion of Ukraine, focusing on government and defence-related organisations in Central and Eastern Europe and the Americas.
The report warned that the cyber espionage operations could inform destructive operations if directed.
The report also stated that the Russia-linked APT group, IRIDIUM, appears to be preparing for a renewed destructive campaign and may target Ukraine with destructive malware such as Foxblade and Caddywiper. The group is believed to have been behind numerous attacks, including an attack on Ukrainian energy infrastructure and the deployment of a persistent botnet called “Cyclops Blink”, which was dismantled by the US government in April.
Microsoft reported that the most targeted countries since February 2022 are the United States (21%), followed by Poland (10%) and the UK (9%).
The most targeted sectors outside Ukraine since February 2022 are government, IT/communications, and think tank/NGO.
The report also stated that common tactics and techniques adopted by Russia-linked actors to breach target networks have included the exploitation of internet-facing applications, backdoored pirated software, and ubiquitous spearphishing.
The report warned that Russian actors may seek to expand their targeting of military and humanitarian supply chains by pursuing destructive attacks beyond Ukraine and Poland, and these possible cyberattacks may incorporate newer destructive malware variants as well.
This comes amid escalating tensions between Russia and Ukraine, with NATO accusing Russia of a military buildup near the Ukrainian border.