Microsoft says “strategic espionage” by state-backed Russian hackers has targeted government agencies, think tanks, businesses and aid groups in 42 countries supporting Ukraine.
It says in a report that hacking has been successful 29% of the time and that data was stolen in at least one-quarter of the successful network intrusions.
Nearly two-thirds of the cyber-espionage targets involved Nato members.
The United States was the prime target.
Poland, which is the main conduit for military assistance flowing to Ukraine, was second.
In the past two months, Denmark, Norway, Finland, Sweden and Turkey have seen stepped-up targeting.
A striking exception is Estonia, where Microsoft said it has detected no Russian cyber intrusions since Russia invaded Ukraine on February 24.
The company credited Estonia’s adoption of cloud computing, where it is easier to detect intruders.
“Significant collective defensive weaknesses remain” among some other European governments, Microsoft said, without identifying them.
Half of the 128 organisations targeted are government agencies and 12% are nongovernmental agencies, typically think tanks or humanitarian groups, according to the 28-page report.
Other targets include telecommunications, energy and defence companies.
Microsoft said Ukraine’s cyber defences “have proven stronger” overall than Russia’s capabilities in “waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises”.
Moscow’s military hackers have been cautious not to unleash destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report noted.
“During the past month, as the Russian military moved to concentrate its attacks in the Donbas region, the number of destructive attacks has fallen,” according to the report, called Defending Ukraine: Early Lessons from the Cyber War.
The Washington company has unique insight in the domain due to the ubiquity of its software and threat detection teams.
Microsoft said Ukraine has also set an example in data safeguarding.
Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion — making them vulnerable to aerial attack — to dispersing that data in the cloud, hosted in data centres across Europe.
The report also assessed Russian disinformation and propaganda aimed at “undermining western unity and deflecting criticism of Russian military war crimes” and wooing people in nonaligned countries.
Using artificial intelligence tools, Microsoft said, it estimated “Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216% in Ukraine and 82% in the United States.”
