Russia has increased cyber-attacks against Nato states by 25% over the past year, according to an analysis, as the Kremlin escalates its “hybrid war” against European countries.
Microsoft said nine of the top 10 countries most affected by Russian state cyber-activity were members of the Nato alliance and attacks against them had risen by a quarter compared with the previous year.
The US was the most targeted region, at 20% of all attacks, followed by the UK at 12% and Ukraine – the only non-Nato member in the top 10 – at 11%. Microsoft declined to give exact details of Russian state hostility, but said the most targeted sector was government, representing a quarter of all attacks, followed by research and academia, and thinktanks and non-governmental organisations.
Amy Hogan-Burney, a vice-president for cybersecurity policy at Microsoft, said the company expected to “continue to see activity across many Nato-based areas”.
Experts and politicians have warned that Russia is conducting “hybrid warfare” – the term for a range of unconventional tactics such as drone incursions, sabotage or cyber-attacks that occupy a “grey zone” between peace and war – against Nato members.
A former head of the UK’s domestic spy agency, MI5, warned last month the UK may already be at war with Russia because of the intensity of cyber-attacks and other hostile activity orchestrated by Moscow against the UK. Eliza Manningham-Buller said it was a “different sort of war, but the hostility, the cyber-attacks, the physical attacks, the intelligence work is extensive”.
Other Nato nations have been affected by Russia-linked incidents. In Poland, 19 unarmed Russian drones crossed into its airspace last month, while Denmark was forced to close airports due to unidentified drones. In another incident last month, Nato intercepted three Russian MiG-31 fighter jets that violated Estonia’s airspace over the Baltic Sea in a 12-minute incursion.
Microsoft added in its annual digital defence report that Russia was using the country’s highly active cybercriminal community to carry out its aims. Russian cybercrime is most commonly associated with ransomware attacks, which have crippled businesses and public bodies around the world. Microsoft said it had observed the Russian state tapping the cybercrime ecosystem for access to targets, using its malicious software or as proxies for carrying out attacks.
Jamie MacColl, a senior research fellow at the Royal United Services Institute (Rusi) thinktank, said: “It is not surprising given the general uptick in Russian covert, and sometimes overt, action against Nato member states over the past 12 months. The way states use their cyber operations mirrors their broader approach to statecraft so it makes sense these attacks are increasing.”
