Russia-backed hackers target government and IT organisations linked to Ukraine

Data presented by Atlas VPN reveals that Russian hackers have been targeting government and IT organisations in Ukraine and its allied countries with ever-increasing sophistication.

The Russian government is believed to be behind the cyberattacks, as they appear to be well-funded and well-organised. The attacks have been aimed at stealing sensitive information, disrupting systems, and causing chaos in the targeted countries.

According to the recently published Microsoft Threat Intelligence report, the government sector was by far the most targeted sector by Russian state-affiliated hackers between February 2022 and January 2023.

The team at Microsoft discovered 46 organised cyberattacks on various government bodies. Russian threat actors were also interested in IT & communications companies, launching 17 attacks within the last year. The energy sector was also among the industries most targeted, subject to 16 cyberattacks.

A suspected Russian threat actor named IRIDIUM initiated several phishing activities between 12 and 28 January 2023 to access accounts at Ukrainian businesses in the defence and energy sectors.

This aligns with the traditional targets of Russian cyberattacks in Ukraine since the energy sector provides a significant portion of Ukraine’s revenue, and the government and telecommunications industries are key components of national security.

Russian hackers have been using a variety of tactics to infiltrate government and IT organisations. One of the methods used is spearphishing, which involves sending emails with malicious links or attachments that, when clicked, infect the targeted computer with malware.

The attacks have become increasingly complex over time, with hackers using advanced techniques such as zero-day exploits, which take advantage of software vulnerabilities that are not yet known to the software vendor.

Attacks outside of Ukraine

Ukrainian government and IT organisations are not the only targets of these attacks. Russia has also targeted companies in other countries, including NATO member states, to play havoc with their operations and gain access to classified information.

Between 07 and 23 February 2023, Microsoft observed Russian nation-state threat activity against organisations based in 74 countries, excluding Ukraine.

Judging by the number of recorded threats, EU and NATO member countries, particularly those on the eastern flank, dominate the list of the top 10 most targeted states.

In the 74 countries they attacked, Russian threat actors were particularly interested in government and IT sector firms, much like in Ukraine. Government and IT & communications sectors suffered from 100 and 51 cyberattacks, respectively.

Hackers compromise IT businesses to leverage trusted technical ties and gain access to those firms’ clients in government, policy, and other sensitive institutions. They also paid a lot of attention to the activities of various non-profit organisations and tried to disrupt their efforts by launching 31 cyber threats within the past year.

Sophisticated cyberattacks were launched on companies in the education and energy sectors, with 16 threats targeting each.