Russian intelligence agencies have recently increased their IT network penetration and espionage activities against countries supporting Ukraine, including Canada, the U.S. and other members of NATO, according to a new Microsoft report.
In addition, the report says, the Russian government is expanding an international cyber influence operation to support its war efforts in Ukraine. The sharp rise in Russian online propaganda efforts to support the attack are part of a strategy of pre-positioning false narratives in the public domain on the internet, the report says.
Microsoft estimates an average American consumption of Russian propaganda is 60 million to 80 million page views per month, “enough to make the collective placement resulting from Russian cyber influence on par with a major publication like the Wall Street Journal.”
For example, the report says, before the Ukraine war started, Russian propaganda aimed at Canada was built around the COVID-related trucker protests in Ottawa.
“There is a growing danger that Russian cyber influence operations will seek to exploit all these resources to support a longer war in Ukraine,” the report warns. “The longer the war,
the more challenging it may become to sustain the unity and commitment of a broad international coalition. Just as Russian operations focused during the past year on
COVID-19 fatigue, Ukraine and its NATO and other allies will need to prepare for Russian efforts to use cyber influence operations to undermine the support of their publics for Ukraine.”
“It has become apparent that it will take new digital technologies and the advanced
use of data to better detect and counter these operations,” the report adds.
Since the war began, Microsoft has detected Russian network intrusion efforts on 128 targets in 42 countries outside Ukraine, researchers said in the report, released Wednesday. These represent a range of strategic espionage targets likely to be involved in direct or indirect support of Ukraine’s defense, it said.
Just under half of them have been government agencies. Another 12 percent have been non-government organizations (NGOs) such as think tanks advising on foreign policy, or humanitarian groups involved in providing aid to Ukraine’s civilian population or support for refugees. The remainder are IT companies, energy providers and other companies involved in critical defense or other economic sectors.
Russian cyber espionage efforts have focused on targets in the United States more than any other country, with American targets representing 12 percent of the global total outside Ukraine.
Second is Poland, with eight percent of intrusions. It’s likely a target because of its role in co-ordinating the delivery of a majority of military and humanitarian aid to Ukraine. The Baltic countries of Latvia and Lithuania represent a combined 14 percent of total intrusions outside Ukraine.
By contrast, the report adds, neighboring Estonia hasn’t detected any Russian cyber activity since the beginning of the war. The report’s authors note that Estonia is a big adopter of cloud services, but it isn’t clear if that’s the reason the country hasn’t seen Russian-based cyber attacks.
Overall, including cyber attacks against Ukraine, Microsoft believes Russian actors have been successful 29 per cent of the time. In some cases Microsoft has been able to alert customers of an intrusion, which may have helped defences. “But in most instances,” the report adds, “the victims were operating on local servers, not in the cloud. As a result, Microsoft’s visibility into the total number of attacks, the success rate, and in particular the extent of data exfiltration, likely understates the extent of Russian cyber espionage success.”
The report recommends a co-ordinated and comprehensive strategy among the public and private sectors to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
“The first defensive tenet should recognize that Russian cyber threats are being advanced by a common set of actors inside and outside the Russian Government and rely on similar digital tactics,” says the report. “As a result, advances in digital technology, AI, and data will be needed to counter them.
“Reflecting this, a second tenet should recognize that unlike the traditional threats of the past, cyber responses must rely on greater public and private collaboration.
“A third tenet should embrace the need for close and common multilateral collaboration among governments to protect open and democratic societies.
“Finally, governments should uphold free expression and avoid censorship in democratic societies, even as new steps are needed to address the full range of cyber threats that include cyber influence operations.”