Russia has been trying to spy on 42 countries – including Brazil – according to a report released this week by Microsoft. The actions take place in the midst of an espionage war between Russian intelligence agencies and the United States Cyber Command in the context of the war in Ukraine.
The American company Microsoft said that Moscow attacked 128 targets around the world, including governments, think tanks, humanitarian aid organizations, information technology companies and organizations responsible for critical infrastructure in those countries.
In 29% of the attacks, Russian hackers managed to break into the computers of their targets. However, Microsoft did not detail which countries had data stolen or what kind of information the Russians were looking for.
Moscow denies any espionage or cyber action in the Ukraine war.
According to cyber conflict expert Eduardo Izycki, a researcher at King’s College London, Russia possibly has two major objectives in this type of operation. The first is to find out what types of weapons and military equipment are actually being sent to Ukraine by the West.
“There have been public announcements from the countries promising weapons, but the Russians want to know what the West is actually sending and at what pace it is happening. Every movement of troops and weapons anywhere in the world is documented in some way and this information is in digital media,” the researcher told the Wargames column.
“This is a way of monitoring something with a military objective. In fact, it can be argued that this could even be considered legitimate action under international law,” he said.
The other purpose of cyber espionage is to find out how much politicians in the target countries are willing to support Ukraine or Russia. With this information, Moscow can exploit, for example, divisions in NATO countries or in the US Congress. Or it may even decide which nations to court diplomatically to gain allies or political support.
Therefore, Russia has not only attacked governments, but also non-governmental organizations – which work by analyzing this type of information and measuring the political appetite of nations for war.
Sources at the top of the Brazilian government told this columnist that so far no significant or strategic data leaks from Brazil have been detected (intelligence information such as this is not discussed in official communiqués). But it is not possible to say with certainty that there was no invasion.
This uncertainty is not unique to Brazil, as there is no inviolable system. The United States and European countries are also investigating whether their data was accessed or not. Microsoft has access to this type of information because most countries use its products and they can be remotely monitored by the company.
The Brazilian government has invested heavily in cyber defense and the country has moved from 71st to 18th position in the Global Cybersecurity Index, linked to a UN agency. The current security effort is part of the Digital Government Strategy 2020-2022, which aims to facilitate the population’s access to public services and digital technologies.
In Izycki’s opinion, the greatest possibility is that Brazil has been the target of a non-specific data collection operation – where Russian hackers would not target, for example, the top government, which has higher levels of protection.
Brazil is currently in a diplomatically awkward position in relation to the BRICS diplomatic bloc (Brazil, Russia, India, China and South Africa). The bloc emerged with an economic and commercial bias, but the war in Ukraine and US sanctions on Moscow have made Russia and China scramble to give the group a more political tone – trying to turn it into a political bloc to face the United States and its allies.
Brazil and India have been trying to keep their balance and avoid politicizing the BRICS, but tension is growing. Last Thursday, at the BRICS summit (which took place virtually), Chinese President Xi Jinping said that the bloc will enter a new journey and criticized the hegemonic world order – in which the US and its allies would be forcing countries to “choose sides”.
According to Microsoft, Brazil was not among the biggest targets of Russian hackers. The countries that received the highest number of cyber-invasion attempts were the United States, with 12% of cases, and Poland, with 8%. Romania, Germany, France, Sweden, Finland, Latvia, Lithuania, Great Britain, India, Australia, Canada, Mexico, Japan and countries in the Middle East, Central Asia and Africa also suffered Russian cyber espionage attempts.
But can we trust Microsoft’s report entirely?
According to analysts, Microsoft would hardly report an attack that did not happen, but the way to classify and count the occurrences can be questioned.
For example, the company claims that one of the only countries close to Russia that has not suffered from hackers’ actions was Estonia – which keeps its government data stored in public “clouds”, which are serviced by companies like Microsoft itself.
Today, governments like the United States cannot manage their cyber defense with public resources alone. Washington has intelligence agencies, such as the NSA, which is in charge of cyber surveillance, and defense, such as the Cyber Command – a complete military structure dedicated to combat in cyberspace. Even so, the US is increasingly dependent not only on Microsoft, but on so-called Big Techs such as Google, Apple and Meta to identify and contain cyberattacks.
There is an internal debate in the country as to how desirable this dependence on private companies is.
Microsoft’s own report tries to imply that the best way for governments to protect their data is not to keep it on servers located in government facilities – as these buildings can be bombed in wars. The company says the safest option is to place them on “clouds” that operate from servers located in different countries.
Has Russia achieved its cyberwar goals in Ukraine?
Days before Russia began bombing Ukraine in February, the Ukrainian parliament authorized its digital public data and services to be transferred to companies such as Microsoft. They gained security access, allowing a high level of control over Ukrainian systems, with the aim of countering Russian cyber actions.
Early in the attacks, buildings where Ukrainian computer servers were located were bombed, but the interruption of some public services was only momentary – as the data was no longer there.
In parallel, the US Cyber Command reportedly engaged in virtual combat against Russian intelligence agencies, such as the FSB, SVR (the internal and external spy agencies, that is, the former KGB) and the GRU, the Directorate General of the Armed Forces.
According to Izycki, the West’s cyber defense was instrumental in preventing Russia from using, for example, a cyber weapon called Industroyer 2 – created by the Sandworm hacker group, subordinate to the GRU. It was this computer “virus” that caused the shutdown of Ukrainian power grids during the annexation of Crimea and the invasion of Donbas in 2014.
Cyber warfare has several aspects. One is espionage, described at the beginning of the column. But at the beginning of the Ukraine war, the aim of Russian hackers was more to destroy real infrastructure than to steal data.
That is, they tried to use malware or cyber weapons known as “wipers”, which erase the contents of servers and render them useless. Electricity, water and transportation distribution systems today depend on these servers.
So, what Russia did was try to combine attacks using weapons with a kinetic effect (missiles, tanks) and weapons with a cybernetic effect (computer viruses). For example, according to the Microsoft report, the Sandworm hackers broke into the control system of the Ukrainian railway network. Railways are the main form of transport for refugees and the wounded and for weapons to enter the country. Days later, on May 3, strategic substations of the railway network were bombed with missiles in Lviv.
Microsoft also attributes the missile destruction of Vinnytsia airport to information gathered by Russia after its hackers broke into the city’s control systems.
But neither should one overestimate Russia’s cyber capabilities. When I was in Ukraine for the first 75 days of the war, I could see that the rail networks were quickly repaired after the attacks. My personal perception was that the internet network of the biggest Ukrainian cities (at war) was much faster and more efficient than the networks of Brazilian cell phone companies (at peace).
British and American intelligence reports pointed out that, at the beginning of the invasion, Russia had failed to coordinate actions between its various units. This reportedly led, for example, to the Russians giving up on trying to take the capital Kyiv (there are other theories, such as that the attack on the capital was a distraction). Likewise, the assessment of analysts in the cyber field is that Russia has not been able to combine real and virtual war actions at all times.
This is because objectives on the battlefield can change quickly, but preparing for a cyber attack is a lot of work. “You can back up a tank and attack from the other side, but it can take days to change the target of a cyber attack,” Izycki said.
According to the Microsoft report, since April, when Russia unified its command, withdrew troops from the outskirts of Kyiv and focused the offensive on a single point, the Donbas in the east, the number of cyber attacks in Ukraine has dropped dramatically. The focus has shifted to cyber espionage outside Ukraine, according to the American company’s report.
More generally, in addition to espionage and the destruction of infrastructure in the “real” world, Russia’s cyber warfare acts in a third way: boosting fake news (or news that is true but out of context) to try to influence public opinion in its favor.
According to the Microsoft report, Russia has “planted” fake websites since 2021 in order to spread the narrative that US-funded laboratories in Ukraine were developing biological weapons. Throughout the war, these websites served as support for a flood of information promoted by Russia on the internet spreading this theory.
There are, or were, laboratories in Ukraine that used Western funds, but there is no proof that they were developing biological weapons.
According to Microsoft, consumption of news from Russian-sponsored sites during the war increased by 216% in Ukraine and 82% in the United States.
Traditional western media, on the other hand, have been the main channel for disseminating information with an emphasis on the Ukrainian point of view. For example, media outlets reported Russian casualty figures without mentioning that Ukraine does not report its own casualties.
According to analysts, in a possible but unproven scenario, Brazil may be, or may become, the target of this type of propaganda.
According to Microsoft, Russia has been spreading news that exposes the weaknesses of the government systems and leaders of Western democracies. Democratic regimes are vulnerable to this type of attack because of freedom of expression and the current wave of political polarization that is ravaging not only Brazil.
Brazil may, for example, be exposed to boosted news that emphasizes (true) statements made by France in the past. The country questioned the way Brazil treats the preservation of the Amazon. Exposed to a large amount of this type of news, part of the population may develop antipathy towards the West – which would favor an eventual rapprochement with Russia or membership of the BRICS. But for now, there is no concrete evidence that this is happening or will happen.
On the other hand, cyber espionage actions, practiced not only by Russia but also by the West, tend to continue.