Russia behind most nation-state cyberattacks on consumers: Microsoft

Russia-based hackers are responsible for the majority of nation-state attacks on Microsoft customers, according to new data from company.
 

Microsoft Corp. has issued 13,000 alerts about nation-state hacking attempts to its customers in the last two years, with 52% of incidents between July 2019 and June 2020 related to Russian hackers -- whose targets have ranged from elections to the Olympics, according to a report published Tuesday. Iran was responsible for a quarter of the alerts while China was responsible for 12%. The remainder of the nation-state activity observed by Microsoft came from North Korea and other countries.

Russian hackers have targeted elections and political organizations in multiple countries, as well as non-profit groups, professional services and higher education, according to Microsoft. Kremlin-linked hackers also tried to break into 16 sporting and anti-doping organizations on three continents amid doping investigations into Russia athletes.

“We see nation-state actors constantly evolving, trying new techniques,” said Tom Burt, a vice president at Microsoft. “As it stands today the attackers are winning in that they are so well resourced, so determined and so agile.” Foreign hackers have continued to target organizations related to American politics in recent weeks, he said.

Iranian hackers have also been prolific, stepping up the volume of their attacks in the last six months, according to Burt. In August 2019 alone, Iranian hackers attacked 241 Microsoft accounts associated with a U.S. presidential campaign, current and former U.S. officials, political journalists and well-known Iranians living abroad, the report said. While only four of these attacks were successful, Microsoft anticipates an increase activity as the U.S. election approaches.

Hackers based in China have “attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election,” according to Microsoft. Those hackers have also been active in cyber-attacks related to medical research. Among multiple attempts to hack medical research institutions in the U.S. and Asia, China-based hackers attacked an unnamed U.S. university that was researching a coronavirus vaccine in March.

China is one of 16 nation-state actors that Microsoft has observed targeting customers involved in the global Covid-19 response efforts. Targets of these attacks have included global medical relief and humanitarian aid groups along with government health-care organizations.

China was also a victim of attacks that sought to leverage the pandemic. “China, the United States, and Russia were hit the hardest, but every country in the world saw at least one Covid-19-themed attack, with the volume of successful attacks in outbreak-hit countries increasing as fear and the desire for information grew,” the Microsoft report said.

Hospitals and other entities have also been hit with ransomware -- in which files are locked from users until payment is made. Ransomware is the “most problematic” and “fastest growing” threat in cybercrime, Burt said.