Microsoft said in a statement this week that Russia is trying to spy on 42 countries, including Brazil. The operations come amid an espionage war between Russian intelligence agencies and America’s Cyber Command in the wake of the war in Ukraine.
US-based Microsoft said Moscow hit 128 targets around the world, including governments, think tanks, humanitarian aid agencies, IT companies and companies responsible for critical infrastructure in countries.
In 29% of attacks, Russian hackers were able to break into their targets’ computers. However, Microsoft did not elaborate on which countries the data was stolen from or what kind of information the Russians were looking for.
Moscow denies any espionage or cyber activity in the Ukraine war.
According to cyber conflict expert Eduardo Izicchi, a researcher at King’s College London, Russia has two main objectives in this type of operation. The first is to find out what kind of weapons and military equipment are actually sent to Ukraine by Western countries.
“There have been public declarations from countries pledging weapons, but the Russians want to know what the West is actually sending and at what speed. Every movement of troops and weapons anywhere in the world is documented in some way and this information is available on digital media,” the researcher said in the War Games column.
“It’s a way of monitoring something with military intent. In fact, it could be argued that it could even be considered a legal action under international law,” he said.
Another purpose of cyber intelligence is to find out how willing politicians in target countries are to support Ukraine or Russia. With this information, Moscow can exploit, for example, divisions in NATO countries or the US Congress. Or it may even decide which countries to diplomatically justify in order to gain allies or political support.
Therefore, Russia has attacked not only governments, but also non-governmental organizations – it works by analyzing this kind of information and gauging countries’ political appetite for war.
High-level sources in the Brazilian government tell this writer that no significant or strategic data leaks from Brazil have yet been discovered (such intelligence information is not discussed in official reports). But we cannot say for sure that there is no invasion.
This uncertainty is not unique to Brazil, as there is no inviolable system. The US and European countries are also investigating whether their data was accessed or not. Because most countries use its products, Microsoft has access to this kind of information, and it can be monitored remotely by the company.
The Brazilian government has invested heavily in cyber security, and the country has moved from 71st to 18th place, tied with the UN. The ongoing conservation effort is part of the Digital Government Strategy 2020-2022, which aims to make it easier for people to access public services and digital technologies.
According to Izycki, Brazil is the most likely target of a specific data-gathering operation — where Russian hackers wouldn’t target, for example, a high-level government with a high level of security.
Brazil is currently in a diplomatic “fair skirt” position with respect to the BRICS diplomatic grouping (Brazil, Russia, India, China and South Africa). The bloc originated with an economic and trade bias, but the war in Ukraine and US sanctions on Moscow have left Russia and China struggling to give the group a more political tone — trying to make it a political bloc that confronts it. The United States and its allies.
Brazil and India have been trying to maintain their balance and avoid politicizing BRICS, but tensions are rising. Last Thursday, at the BRICS summit (which almost happened), Chinese President Xi Jinping said that the bloc would enter a new journey and criticized the dominant world order – in which the US and its allies would force countries to “choose sides”. .
According to Microsoft, Brazil is not among the biggest targets of Russian hackers. The countries with the highest number of cyber-attack attempts were the United States, with 12% of cases, and Poland, with 8%. Romania, Germany, France, Sweden, Finland, Latvia, Lithuania, Great Britain, India, Australia, Canada, Mexico, Japan and countries in the Middle East, Central Asia and Africa were also affected by Russian cyber espionage efforts.
But can we fully trust Microsoft’s statement?
According to analysts, Microsoft rarely reports an attack that doesn’t happen, but the way it classifies and counts incidents can be questioned.
For example, the company says that Estonia is one of the only countries close to Russia that has not been affected by the actions of hackers – it stores its government data in public “clouds” served by companies such as Microsoft.
Today, governments like the United States cannot manage their cyber security with public resources. Washington has intelligence agencies like the NSA, which is responsible for cyber surveillance, and defense agencies like Cyber Command—a full-fledged military organization dedicated to warfare in cyberspace. Even so, the U.S. is increasingly dependent on big techs like Google, Apple, and Meta to identify and contain cyberattacks, not just Microsoft.
There is an internal debate in the country about the desirability of relying on private companies.
Microsoft’s own statement tries to indicate that the best way for governments to protect their data is not to keep it on servers located in government facilities — because these buildings can be bombed in wars. The company says the safest option is to put them in “clouds” that operate from servers located in different countries.
Has Russia Achieved Cyber Warfare Goals in Ukraine?
Days before Russia began bombing Ukraine in February, the Ukrainian parliament authorized the transfer of its digital public data and services to companies like Microsoft. They gained security access, allowing a high level of control over Ukrainian systems, with the aim of countering Russian cyber operations.
At the beginning of the attacks, buildings housing Ukrainian computer servers were bombed, but the interruption of some public services was temporary – as the data was no longer available.
In parallel, the US Cyber Command will be engaged in a virtual war against Russian intelligence agencies such as the FSB, SRV (Internal and External Intelligence Agencies, i.e. the former KGB) and the GRU, the General Directorate of the Directorate. armed forces.
According to Izicki, the West’s cyber security played a key role in preventing Russia from using, for example, a cyberweapon called Industrior 2 – developed by the Sandworm hacker group, which is part of the GRU. It was this computer “virus” that shut down Ukrainian power grids during the annexation of Crimea and the invasion of Donbass in 2014.
Cyber warfare has many aspects. One of them is espionage, described at the beginning of the column. But at the start of the war in Ukraine, Russian hackers’ intent was to destroy real infrastructure and not steal data.
That is, they tried to use malware or cyber weapons, known as “wipes”, which destroy the contents of servers and render them useless. Electricity, water and transportation distribution systems depend on these servers today.
So, what Russia did was try to combine the attacks with weapons with kinetic effect (missiles, tanks) and cybernetic effect (computer virus). For example, Microsoft reports that sandworm hackers broke into the control system of the Ukrainian railway network. Railways are the main form of transport for refugees and wounded and weapons entering the country. A few days later, on May 3, strategic substations of the railway network were bombed by missiles in Lviv.
Microsoft also blames the missile destruction of Vinnytsia airport on information gathered by Russia after its hackers breached the city’s control systems.
But no one should overestimate Russia’s cyber capabilities. When I was in Ukraine for the first 75 days of the war, I was able to see the rapid repair of rail networks after the attacks. My personal opinion is that the Internet network of the largest Ukrainian cities (in war) was much faster and more efficient than the networks of Brazilian cell phone companies (in peace).
British and American intelligence reports indicated that early in the invasion, Russia failed to coordinate operations between its various units. For example, this would have led the Russians to abandon their attempt to capture the capital city of Gaya (there are other theories, such as the attack on the capital being a distraction). Similarly, the assessment of analysts in the cyber industry is that Russia has not always been able to link real and virtual warfare.
That’s because objectives on the battlefield can change quickly, but preparing for a cyber attack is a lot of work. “You can back up a tank and attack from the other side, but it can take days to change the target of a cyber attack,” Izicki said.
As Russia consolidated its command, withdrawing troops from the outskirts of Kyiv and focusing attacks on a single point in the east, the Donbass, the number of cyberattacks in Ukraine dropped dramatically since April, according to a Microsoft report. According to the US firm’s report, the focus has shifted to cyber espionage outside of Ukraine.
Generalizing aspects of espionage and infrastructure destruction to the “real” world, Russia’s cyberwarfare works in a third way: by promoting fake news (or the truth, but out of context) and trying to influence public opinion in its favor. .
According to a Microsoft report, Russia has been “planting” fake websites since 2021 to spread the story that US-funded labs in Ukraine are developing biological weapons and the Internet is spreading the theory.
There are or were laboratories in Ukraine that used Western funding, but there is no evidence that they were developing biological weapons.
According to Microsoft, consumption of news from pro-Russian sites increased by 216% in Ukraine and 82% in the United States during the war.
Traditional Western media, on the other hand, have been the main channel for disseminating information with an emphasis on the Ukrainian point of view. For example, the media reported Russian casualty figures without mentioning that Ukraine did not report its own casualties.
According to analysts, in a possible scenario, but not proven, Brazil could be or will be the target of this type of campaign.
According to Microsoft, Russia spreads messages that expose the weaknesses of government bodies and leaders of Western democracies. Democratic regimes are vulnerable to this kind of attack as freedom of expression and the current wave of political polarization ravages not just Brazil.
For example, Brazil may be affected by news that emphasizes France’s (true) statements of what happened in the past. The country questioned Brazil’s handling of the Amazon’s protection. Large exposures to this type of news could create a segment of the population hostile to the West – which would eventually favor rapprochement with Russia or membership in the BRICS. But as of now, there is no concrete evidence that this is happening or will happen.
Cyber espionage activities, on the other hand, are pursued not only by Russia but also by the West.
“Communicator. Award-winning creator. Certified twitter geek. Music ninja. General web evangelist.”