They spent almost a year inside the victims’ systems and were only stopped due to a complaint from Ukraine
They spent months inside the computer systems of several European armies undetected. Little by little, without arousing suspicion, Russian hackers patiently gathered information about the military, transportation systems, and even the energy grid, all while Vladimir Putin’s army invaded Ukrainian soil. The revelations were made in a report presented by Microsoft that was accessed by CNN International.
It all started with information given to the American software company by Ukrainian officials. Between April and December 2022, Russian hackers exploited a computer vulnerability in Microsoft’s email service, allowing the Russian side to obtain critical information about Western logistics and transport systems. This information would later be passed on to the Russian Ministry of Defense, which would use it to try to gain a military or geopolitical advantage.
In the document in which it acknowledged discovering the vulnerability, Microsoft advised its users to update their systems and privately admitted that “less than 15” organizations (excluding military networks) were targeted by Russian agents.
The hackers used a secret technique that allowed them to steal the credentials of the target organizations. They then rushed to look for information in the company’s e-mail folders. After exploiting the vulnerability, hackers were able to obtain permissions to the victim’s email inbox, allowing them to exploit information from specific accounts. Microsoft did not specify which companies or institutions were targeted by the attack.
The company also admits that the vulnerability, while patched, allowed attackers to completely delete all of the victim’s information. Microsoft nevertheless recommends that victims check messages and log entries for any foreign object, so that it can be determined whether it is malware.
Microsoft knows that the group involved in coordinating the attack is linked to the GRU, Russia’s intelligence services operating abroad. This part of the Russian secret services has already been involved in several cases on European soil, most famously the poisoning of former Soviet spy Sergei Skripal in the United Kingdom.
The hacker group in question was the same one involved in the attack on the servers of the Democratic Party in the United States during the 2016 election, when Hillary Clinton was defeated by Donald Trump.
The attack also demonstrates how difficult it is to defend against cyber attacks. Even at a time when the West has redoubled its computer defense efforts, Microsoft, one of the technology companies that places the highest priority on computer security, has not been able to prevent itself from becoming the target of a computer attack.
Contacted by CNN International, Russia denies the allegation that it is involved in computer attacks against the United States of America.