Russian military-linked hackers used a critical flaw in Microsoft’s email software to target – and in some cases infiltrate – the networks of European military, energy and transportation organizations in an apparent spying campaign that went undetected for months as the war in Ukraine raged, Microsoft told its customers in a report obtained by CNN.
The report demonstrates how, despite the heightened defensive posture of Western governments and tech firms during the war, Russian hacking can slip under the radar and come to light, if ever, months after the fact.
As Russian military advances in Ukraine have faltered, the Kremlin’s hacking teams have scoured the networks of Western logistics and transport firms supporting Ukraine’s defenses for intelligence that might translate to a battlefield or geopolitical advantage, according to cybersecurity experts and US officials.
A tip from Ukrainian officials led Microsoft to investigate the cyber activity and discover that the Russian hackers had been exploiting the previously unknown software flaw between April and December 2022, according to Microsoft.
Microsoft publicly disclosed the vulnerability on Tuesday, urging customers to update their software. Privately, Microsoft told customers that “fewer than 15” organizations had been targeted or breached by the Russian operatives.
BleepingComputer, a tech news outlet, first reported on the Microsoft advisory to customers.
The hackers used a stealthy technique to steal login details from victim organizations and then looked to burrow further into organizations’ email folders, Microsoft told clients. The tech firm did not name the organizations targeted.
Microsoft blamed a hacking group that US officials have publicly linked to Russia’s GRU military intelligence agency. US officials have alleged that the same agency’s hackers breached the Democratic National Committee’s servers as part of a sweeping effort to undermine Hillary Clinton’s candidacy in the 2016 US presidential election.
Russia has denied that specific allegation and others from the US that it conducts cyberattacks. CNN has reached out to Microsoft and the Russian Embassy in Washington about Microsoft’s advisory.
US officials have braced for potential collateral damage to US organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war, but such ripple effects have largely failed to materialize.
Microsoft blamed a different GRU-linked hacking team for ransomware attacks on Ukrainian and Polish transportation and logistics organizations in October, but there were no reports of spillover to other organizations.