According to Microsoft, Russia accounted for most state-sponsored hacking discovered by Microsoft during the last year, with a 58 percent share, primarily targeting US government agencies and think tanks, followed by Ukraine, the United Kingdom, and European NATO countries.
The long-unnoticed SolarWinds attack — which mainly targeted information technology companies like Microsoft — raised Russian state-backed hackers’ success rate to 32% in the year ending June 30, up from 21% the year before.
On the other hand, China accounted for less than one out of every ten state-sponsored hacking attempts. However, it was successful 44 percent of the time in breaking into targeted networks, according to Microsoft’s second annual Digital Defense Report, which covers the months of July 2020 to June 2021.
While Russia’s widespread state-sponsored hacking is well-known, Microsoft’s study provides exceptionally detailed information on how it compares to other US enemies.
Ransomware attacks, according to the study, are a significant and rising problem. The United States is the most targeted country, receiving more than three times the number of cyberattacks as the next most targeted country.
On the other hand, state-sponsored hacking is primarily about acquiring intelligence — whether for national security, commercial, or geopolitical gain — and is therefore typically allowed by governments, with US cyber operators among the most competent. Microsoft’s study, which works closely with Washington government agencies, does not cover government hacking in the United States.
Recently, President Joe Biden has struggled to establish a boundary between acceptable and unacceptable cyber activity. He has sent non-specific warnings to Russian President Vladimir Putin to persuade him to clamp down on ransomware perpetrators. Still, many top administration cybersecurity experts indicated this week that they had seen no proof of this.
According to Cristin Goodwin, the chief of Microsoft’s Digital Security Unit, nation-state hacking has a success rate of 10% to 20%. She further said that China’s “geopolitical goals” in the latest cyberespionage include targeting foreign ministries in Central and South American countries as well as universities in Taiwan and Hong Kong.
Russian hacking efforts increased from 52% in 2019-20 of worldwide cyber-intrusion bids identified by the “nation-state notification service.” North Korea was second as a nation of origin with 23 percent, up from less than 11 percent the year before. Attacks from China shrank to 8% from 12%.
Efficacy and the number of attempts, on the other hand, are two different things. According to Microsoft, North Korea’s spear-phishing (targeting individuals with booby-trapped emails) failure rate was 94 percent in the previous year.
Only 4% of all state-sponsored hacking discovered by Microsoft targeted vital infrastructure, with Russian cyber-agents being considerably less interested than Chinese or Iranian cyber-agents.
According to Microsoft, the recently increased efficacy of Russian state hackers “may portend additional high-impact intrusions in the year ahead.” The top hacking unit in Russia’s SVR foreign intelligence agency, Cozy Bear, was responsible for more than 92 percent of the recorded Russian activities.
Microsoft’s nation-state notifications, which totaled over 7,500 in the duration covered by the study, are far from comprehensive. Only what Microsoft detects is reflected in them.