BOSTON – Russia was responsible for most of the state-sponsored hacker attacks that Microsoft discovered last year, accounting for a 58 percent share.
The devastating effectiveness of the long-undetected SolarWinds hack – it mainly breached IT companies, including Microsoft – also lifted the success rate of Russian state-sponsored hackers to 32 percent in the year ending June 30, compared with 21 percent in the preceding 12 months.
China, meanwhile, accounted for less than 1 in 10 government-sponsored hacking attempts that Microsoft discovered, but managed to break into targeted networks 44 percent of the time, Microsoft said in its second annual Digital Defense Report, which runs from July 2020 to June 2021.
While Russia’s prolific, government-sponsored hacking is known, Microsoft’s report offers unusually specific details on how it compares to other US adversaries.
The report also names ransomware attacks as a serious and growing plague, with the United States by far the hardest-hit country, suffering more than three times as many attacks as the next most targeted country. Ransomware attacks are criminal and financially motivated.
In contrast, government-backed hacking is primarily about information gathering – whether for national security or for commercial or strategic gain – and is therefore generally tolerated by governments, with US cyber operators among the most experienced. The report by Microsoft Corp., which works closely with Washington government agencies, does not address hacking by the US government.
However, the SolarWinds hack was so embarrassing for the US government that some Washington lawmakers called for some kind of retaliation. US President Joe Biden has had a hard time drawing a red line on what cyber activities are allowed. He has issued vague warnings to President Vladimir Putin to encourage him to take action against ransomware criminals, but several senior government cybersecurity officials said this week they saw no evidence of this.
Overall, nation-state hacking has a success rate of around 10 to 20 percent, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which focuses on nation-state actors. “It’s really important for us to try to stay ahead – and to keep this compromised number down – because the lower it gets, the better we are,” said Goodwin.
Goodwin finds China’s “geopolitical targets” particularly noteworthy in its recent cyber espionage, including foreign ministries in Central and South American countries, where it is making infrastructure investments under the Belt and Road initiative, and universities in Taiwan and Hong Kong, where opposition to Beijing’s regional ambitions is strong. The findings also debunk as outdated the conventional wisdom that Chinese cyber spies are interested only in stealing intellectual property.
Russia’s share of hacking attempts rose from 52 percent in the 2019-20 period, measured as a proportion of the global intrusion attempts detected by the “nation-state notification service” Microsoft uses to warn its customers. For the year ended June 30, North Korea ranked second as the country of origin at 23 percent, up from less than 11 percent previously. China fell from 12 to 8 percent.
But the volume of attempts and their effectiveness are different things. North Korea’s failure rate for spear phishing – targeting specific individuals, usually with booby-trapped emails – was 94 percent last year, Microsoft found.
Only 4 percent of all government-sponsored hacking attacks Microsoft discovered targeted critical infrastructure, said the Redmond, Washington-based company, with Russian actors far less interested in it than Chinese or Iranian ones.
After the SolarWinds hack was discovered in December, the Russians again focused mostly on government agencies dealing with foreign affairs, defense and national security, followed by think tanks and then health care, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India, and Japan.
In the report, Microsoft said the recent increased effectiveness of Russian state hackers “could mean more serious compromises in the coming year.” More than 92 percent of the detected Russian activities were carried out by the elite hacking team of the Russian foreign intelligence service SVR, better known as Cozy Bear.
Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for most of 2020 and whose discovery left Washington deeply embarrassed. One of the heavily compromised US government agencies was the Department of Justice, where Russian cyber spies compromised 80 percent of the email accounts used by US law firms in New York.
Microsoft’s nation-state notifications, of which approximately 7,500 were issued worldwide during the reporting period, do not purport to be exhaustive. They reflect only what Microsoft detects.