Russia has been trying to spy on 18 countries, including Brazil, according to a report released this week by Microsoft. The actions take place in the midst of an espionage war between Russian intelligence agencies and the United States Cyber Command in the context of the war in Ukraine.
Microsoft, an American company, said that Moscow attacked 128 targets around the world, including governments, think tanks, humanitarian aid organizations, information technology companies and organizations responsible for critical infrastructure in these countries.
In 29% of the attacks, Russian hackers managed to break into the computers of their targets. However, Microsoft did not detail which countries had data stolen or what kind of information the Russians were looking for.
Moscow denies any kind of espionage or cyber action in the Ukraine war.
According to cyber conflict expert Eduardo Izycki, a researcher at King’s College London, Russia possibly has two major objectives in this type of operation. The first is to find out what types of weapons and military equipment are actually being sent by the West to Ukraine.
“There have been public announcements from countries promising weapons, but the Russians want to know what the West is sending in fact and at what pace this occurs. Every movement of troops and weapons anywhere in the world is documented in some way and this information is in digital media”, said the researcher to the Wargames column.
“This is a way of monitoring something with a military purpose. In fact, it is possible to argue that this can even be considered legitimate action under international law”, he said.
The other objective of cyber espionage is to find out how much the politicians of the target countries are willing to support Ukraine or Russia. With this information, Moscow can exploit, for example, divisions in NATO countries or in the US Congress. Or it can even decide which nations to court diplomatically to gain allies or political support.
Therefore, Russia has not only attacked governments, but also non-governmental organizations – which work by analyzing this type of information and measuring the political appetite of nations for war.
Sources at the top of the Brazilian government told this columnist that no significant or strategic data leaks from Brazil have been detected so far (intelligence information such as this is not discussed in official communiqués). But it is not possible to say with certainty that there was no invasion.
This uncertainty is not unique to Brazil, as there is no inviolable system. The United States and European countries are also investigating whether their data was accessed or not. Microsoft has access to this type of information because most countries use its products and they can be remotely monitored by the company.
The Brazilian government has invested heavily in cyber defense and the country has gone from 71st to 18th position in the Global Cybersecurity Index, linked to a UN agency. The current security effort is part of the Digital Government Strategy 2020-2022, which aims to facilitate the population’s access to public services and digital technologies.
In Izycki’s opinion, the greatest possibility is that Brazil has been the target of a non-specific data collection operation – where Russian hackers would not target, for example, the top government, which has higher levels of protection.
Brazil is currently in a diplomatic “fair exit” in relation to the diplomatic bloc of the BRICS (Brazil, Russia, India, China and South Africa). The bloc emerged with an economic and commercial bias, but the war in Ukraine and US sanctions on Moscow have made Russia and China scramble to give the group a more political tone – trying to turn it into a political bloc to face the United States and its allies.
Brazil and India have been trying to keep their balance and avoid politicizing the BRICS, but tensions are growing. Last Thursday, at the BRICS summit (which took place virtually), Chinese President Xi Jinping said that the bloc will enter a new journey and criticized the hegemonic world order – in which the US and its allies would be forcing countries to “choose sides”.
According to Microsoft, Brazil was not among the biggest targets of Russian hackers. The countries that received the highest number of cyber-invasion attempts were the United States, with 18% of cases, and Poland, with 8%. Romania, Germany, France, Sweden, Finland, Latvia, Lithuania, Great Britain, India, Australia, Canada, Mexico, Japan and countries in the Middle East, Central Asia and Africa also suffered Russian cyber espionage attempts.
But can we trust Microsoft’s report entirely?
According to analysts, it is unlikely that Microsoft would report an attack that did not happen, but the way to classify and count the occurrences can be questioned.
For example, the company claims that one of the only countries close to Russia that has not suffered from hackers’ actions was Estonia – which keeps its government data stored in public “clouds”, which rely on the service of companies like Microsoft itself.
Today, governments like the United States cannot handle their cyber defense with public resources alone. Washington has intelligence agencies, such as the NSA, which is in charge of cyber surveillance, and defense bodies, such as the Cyber Command – a complete military structure dedicated to combat in cyberspace. Even so, the US is increasingly dependent not only on Microsoft, but on the so-called Big Techs, such as Google, Apple and Meta, to identify and contain cyber attacks.
There is an internal debate in the country about how desirable this dependence on private companies is.
Microsoft’s own report tries to imply that the best way for governments to protect their data is not to keep it on servers located in government facilities – because these buildings can be bombed in wars. The company says the safest option is to place them on “clouds” that operate from servers located in different countries.
Has Russia achieved its cyberwarfare goals in Ukraine?
Days before Russia began bombing Ukraine in February, the Ukrainian parliament authorized its digital public data and services to be transferred to companies like Microsoft. a high level of control of Ukrainian systems, with the aim of countering Russian cyber actions.
Early in the attacks, buildings where Ukrainian computer servers were located were bombed, but the interruption of some public services was only momentary – because the data was no longer there.
In parallel, the American Cyber Command reportedly engaged in virtual combat against Russian intelligence agencies, such as the FSB and the SVR (the internal and external espionage services, i.e. the former KGB) and the GRU, the general directorate of the armed forces.
According to Izycki, the cyber defense of the West was fundamental to prevent Russia from using, for example, a cyber weapon called Industroyer 2 – created by the hacker group Sandworm, subordinate to the GRU. It was this computer “virus” that caused the shutdown of Ukrainian power grids during the annexation of Crimea and the invasion of Donbas in 2014.
Cyber warfare has several aspects. One of them is espionage, described at the beginning of the column. But at the beginning of the Ukrainian war, Russian hackers were aiming more at destroying real infrastructure than at stealing data.
That is, they tried to use malware or cyber weapons known as “wipers”, which erase the contents of servers and render them useless. Electricity, water and transport distribution systems nowadays depend on these servers.
So what Russia did was try to combine attacks using kinetic weapons (missiles, tanks) with attacks using weapons of cyber effect (computer viruses). For example, according to the Microsoft report, the Sandworm hackers broke into the control system of the Ukrainian railway network. Railways are the main form of transport for refugees and wounded and for weapons to enter the country. Days later, on May 3, strategic substations of the railway network were bombed with missiles in Lviv.
Microsoft also attributes the missile destruction of Vinnytsia airport to information collected by Russia after its hackers invaded city control systems.
But Russia’s cyber capabilities should not be overestimated either. When I was in Ukraine, in the first 75 days of the war, I could see that the rail networks were quickly repaired after the attacks. My personal perception was that the internet network of the largest Ukrainian cities (at war) was much faster and more efficient than the networks of Brazilian cell phone companies (at peace).
British and American intelligence reports pointed out that, at the beginning of the invasion, Russia failed to coordinate actions among its different units. This would have led, for example, to the Russians giving up on trying to take the capital Kyiv (there are other theories, such as that the attack on the capital was a distraction). Likewise, the assessment of analysts in the cyber field is that Russia has not been able to combine real and virtual war actions at all times.
This is because battlefield objectives can change quickly, but preparing for a cyber attack is a lot of work. “You can back up a tank and attack from the other side, but it can take days to change the target of a cyber attack,” Izycki said.
According to the Microsoft report, since April, when Russia unified its command, withdrew its troops from the outskirts of Kyiv and focused its offensive on one point, the Donbas, in the east, the number of cyberattacks in Ukraine has dropped dramatically. The focus has shifted to cyber espionage outside Ukraine, according to the American company’s report.
Beyond espionage and the destruction of infrastructure in the “real” world, Russia’s cyber warfare acts in a third way: pushing fake news (or true news taken out of context) to try to sway public opinion in its favor.
According to the Microsoft report, Russia has “planted” 2021 fake websites on the internet with the aim of spreading the narrative that US-funded laboratories in Ukraine are developing biological weapons. Throughout the war, these sites supported a flood of information promoted by Russia on the internet spreading this theory.
There are, or were, laboratories in Ukraine that used Western funds, but there is no proof that they were developing biological weapons.
According to Microsoft, the consumption of news from sites sponsored by Russia during the war increased 216% in Ukraine and 82% in the United States.
The traditional western media has been the main channel for disseminating information with an emphasis on the Ukrainian point of view. For example, media outlets published Russian casualty figures without mentioning that Ukraine does not disclose its own casualties.
According to analysts, in a possible but unproven scenario, Brazil may be or may become the target of this type of propaganda.
According to Microsoft, Russia has been spreading news that exposes the weaknesses of the government systems and the leaders of western democracies. Democratic regimes are vulnerable to this type of attack because of freedom of expression and the current wave of political polarization that is plaguing not only Brazil.
Brazil may, for example, suffer from news driven by that emphasize (true) statements by France that occurred in the past. The country questioned the way Brazil treats the preservation of the Amazon. Exposed to a large amount of this type of news, part of the population can develop antipathy toward the West – which would favor an eventual rapprochement with Russia or adhesion to the BRICS. But, for now, there is no concrete evidence that this is happening or will happen.
On the other hand, cyber espionage actions, practiced not only by Russia, but by the West, tend to continue.