Microsoft officials and cybersecurity experts warned on Sunday that Russia’s premier intelligence agency has launched another campaign to penetrate thousands of computer networks in the United States, including those of the government, corporations, and think-tanks. The warning comes only months after President Biden imposed sanctions on Moscow in response to a series of sophisticated spy operations it had conducted around the world.
In an interview, Tom Burt, one of Microsoft’s senior security executives, said that the new endeavour is “quite substantial and is still in the early stages.” State Department officials confirmed that the operation, which appeared to be aimed at acquiring data stored in the cloud, seemed to have originated from the S.V.R., the Russian intelligence agency that was the first to infiltrate the Democratic National Committee’s computer networks during the 2016 presidential election.
However, despite Microsoft’s insistence that the proportion of successful intrusions was limited, the company did not disclose enough information to adequately assess the extent of the theft.
This year, the White House blamed the Russian government for the so-called SolarWinds cyberattack, a highly sophisticated attempt to change software used by federal agencies and some of the nation’s top corporations, giving the Russians access to 18,000 people. Mr. Biden said that the assault undermined public confidence in the government’s fundamental mechanisms and pledged vengeance for both the hack and the intervention in the election. The sanctions on Russian financial institutions and technological businesses, which were issued in April, were significantly scaled down by the president.
“I made it plain to President Putin that we had the option of going farther, but I decided not to do so,” Mr. Biden said at the time, after speaking with the Russian leader on the telephone. “It’s time to de-escalate the situation.”
Officials from the United States maintain that the sort of assault disclosed by Microsoft falls into the category of surveillance that big nations commonly perform against one another. While both governments claim to be meeting regularly to combat ransomware and other maladies of the internet age, the operation suggests that the undermining of networks is continuing apace, in an arms race that has accelerated as countries sought Covid-19 vaccine data and a variety of industrial and government secrets.
During the Cipher Brief Threat Conference on Sea Island, where a large number of cyberexperts and intelligence officials gathered, John Hultquist, vice president for intelligence analysis at Mandiant, the firm that was the first to notice the SolarWinds assault, remarked, “Spies are going to spy.” What we have learnt from this is that the S.V.R., which is excellent, shows no signs of slowing down.
It is not yet known how effective the most recent campaign has been. Microsoft said it recently warned more than 600 businesses that they had been the subject of around 23,000 attempts to get access to their systems. To put this in perspective, during the last three years, the corporation claimed to have identified just 20,500 targeted assaults from “all nation-state actors.” Despite Microsoft’s claim that a tiny fraction of the most recent efforts were successful, the company did not disclose specifics or specify how many companies had been penetrated.
Officials from the United States acknowledged that the operation, which they regard as normal surveillance, was ongoing. They stressed, though, that if it succeeded, Microsoft and other cloud service providers would bear a large portion of the responsibility for it.
However, the most recent Russian hack, according to analysts, served as a warning that migrating to the cloud is not a solution — particularly if those in charge of administering cloud operations do not utilise adequate security measures.