Russian military hackers have been trying to gain access to the networks of European military, energy, and transportation organizations and have reportedly succeeded in some cases. Microsoft revealed in a report that the activity, apparently a spying campaign, had gone unseen for months as the war in Ukraine raged.
Russian hackers have recently also attempted to penetrate the networks of NATO and the militaries of some eastern European countries, Google’s Threat Analysis Group said in a report published on Wednesday.
The report did not say which European militaries had been targeted in what Google described as “credential phishing campaigns” launched by a Russian-based group called Coldriver, or Callisto.
“These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown,” the report said.
The report demonstrates how, despite the heightened defensive posture of Western governments and tech firms during the war, Russian hacking can slip under the radar and come to light, if ever, months after the fact.
As Russian military advances in Ukraine have faltered, the Kremlin’s hacking teams have scoured the networks of Western logistics and transport firms supporting Ukraine’s defenses for intelligence that might translate to a battlefield or geopolitical advantage, according to cybersecurity experts and US officials.
According to Microsoft, a tip from Ukrainian officials led the company to investigate the cyber activity and discover that the Russian hackers had been exploiting a previously unknown flaw in Microsoft’s email software between April and December 2022.
Microsoft publicly disclosed the vulnerability on Tuesday, urging customers to update their software. Privately, Microsoft told customers that “fewer than 15” organizations had been targeted or breached by the Russian operatives.
Microsoft told clients that the hackers used a stealthy technique to steal login details from victim organizations and then looked to burrow further into organizations’ email folders. The tech firm did not name the organizations targeted.
Microsoft blamed a hacking group that US officials have publicly linked to Russia’s GRU military intelligence agency. US officials have alleged that the same agency’s hackers breached the Democratic National Committee’s servers as part of a sweeping effort to undermine Hillary Clinton’s candidacy in the 2016 US presidential election.
Russia has denied that specific allegation, as well as other US accusations that it conducts cyberattacks. CNN has contacted Microsoft and the Russian Embassy in Washington about Microsoft’s advisory.
“Microsoft released a security update … in March to keep our customers safe and protected. Customers who apply the update, or have automatic updates enabled, are already protected.”
US officials have braced for potential collateral damage to US organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war. Still, such ripple effects have largely failed to materialize.
Microsoft blamed a different GRU-linked hacking team for ransomware attacks on Ukrainian and Polish transportation and logistics organizations in October, and there were no reports of spillover to other organizations.