Russian military-linked hackers targeted — and in some cases successfully infiltrated — the networks of European military, energy, and transportation organizations in an apparent spying campaign that went undetected for months as the war in Ukraine raged, Microsoft told its customers in a report obtained by CNN.
The report demonstrates how, despite the heightened defensive posture of Western governments and tech firms during the war, Russian hacking can slip under the radar and come to light, if ever, months after the fact.
As Russian military advances in Ukraine have faltered, the Kremlin’s hacking teams have scoured the networks of Western logistics and transport firms supporting Ukraine’s defenses for intelligence that might translate to a battlefield or geopolitical advantage, according to cybersecurity experts and US officials.
According to Microsoft, a tip from Ukrainian officials led Microsoft to investigate the cyber activity and discover that the Russian hackers had been exploiting the previously unknown flaw in Microsoft’s email software between April and December 2022.
Microsoft publicly disclosed the vulnerability on Tuesday, urging customers to update their software. Privately, Microsoft told customers that “fewer than 15” organizations had been targeted or breached by the Russian operatives.
BleepingComputer, a tech news outlet, first reported on the Microsoft advisory to customers.
Microsoft told clients that the hackers used a stealthy technique to steal login details from victim organizations and then looked to burrow further into organizations’ email folders. The tech firm did not name the organizations targeted.
Microsoft blamed a hacking group that US officials have publicly linked to Russia’s GRU military intelligence agency. US officials have alleged that the same agency’s hackers breached the Democratic National Committee’s servers as part of a sweeping effort to undermine Hillary Clinton’s candidacy in the 2016 US presidential election.
Russia has denied that specific allegation and others from the US that it conducts cyberattacks.
“Microsoft released a security update … in March to keep our customers safe and protected,” a Microsoft spokesperson said in an emailed statement. “Customers who apply the update, or enable automatic updates, are already protected.”
US officials have braced for potential collateral damage to US organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war. Still, such ripple effects have largely failed to materialize.
In October, Microsoft blamed a different GRU-linked hacking team for ransomware attacks on Ukrainian and Polish transportation and logistics organizations. Still, there were no reports of spillover to other organizations.
