How Cozy Bears contributed to Russia’s large share in state-sponsored hacking

8 October 2021


This blog is based on the annual Microsoft Digital Defense Report, which covers the months of July 2020 to June 2021.

Microsoft recently published its Digital Defense Report, which exposes the nations from which cyberattacks mostly originate. According to this report, large-scale state hackers include countries such as North Korea, Iran and China. However, last year’s winner is Russia: over the past year, Russia accounted for the majority of state-sponsored hacks. With a 58% share, the winner primarily targets US government agencies. An example of one of Russia’s hacks is SolarWinds, which was discovered in 2020. SolarWinds contributed to an 11% increase in the success rate of Russian state-backed hackers. The success rate went up from 21% to 32%, which proves that the success of the Russian attacks has increased drastically.

The Russian hacking group behind SolarWinds is called ‘Cozy Bear’. These not-so-snuggly bears account for more than 92% of Russian hacking activities. The group has largely humiliated the US government, and US senators still hold a grudge over this action. The group extracted 80% of all email accounts in the US Department of Justice.

As the US found the Cozy Bears not so cozy, they now refer to them as Nobelium. After the Cozy Bears group was discovered, Russia started focusing again on other areas, such as organizations developing COVID-19 related operations, security and geopolitics.

Russia can still learn a lot from its neighbor China regarding effectiveness, as China has a cyberattack success rate of 44%. However, China accounted for only “less than one out of every ten state-sponsored hacking attempts”, which is only 8%, while Russia was responsible for 58%, as mentioned above.

However, China and Russia are both very successful compared to state-backed hackers overall, as the average success rate is around 10–20%.


Facts regarding state-sponsored cyberattacks:

  • Cyberattacks are mostly targeted at consumer retail (13%), financial services (12%), manufacturing (12%), government (11%) and health care (9%). The victim of these attacks is often the United States.
  • The most often used and fastest growing attack strategy is the ransomware assault. In this kind of digital assault, the hackers attempt to get money from their victims.
  • State-sponsored cyberattacks mainly aim at gaining knowledge regarding geopolitics and security.

References

Associated Press. (2021, October 7). Microsoft: Russia behind 58% of detected state-backed hacks. Retrieved from MAG MTV: https://www.wagmtv.com/2021/10/07/microsoft-russia-behind-58-detected-state-backed-hacks/

Microsoft. (2021). Microsoft Digital Defense Report. Microsoft.


1 thought on “How Cozy Bears contributed to Russia’s large share in state-sponsored hacking”

  1. Such an interesting post Myrthe!
    There are so many open-ended questions that I am curious about. I wonder if there are any kind of repercussions between countries on such hacking attempts. With the anonymity that the Internet provides, it must be so complex to pinpoint who the people behind such an attack are. And how can hacking attempts be state sponsored while still maintaining anonymity?
    I have always been intrigued by the concept of white hats vs black hats in the hacking community. For those that do not know, people that are extremely skilled in computer language and specifically hacking often have to choose what to do with their skills.
    Indeed, their skill level is so high that they have the power to do whatever they want as long as they are able to hide their tracks.
    White hat hackers are the ones that choose to follow a more ‘honorable’ path where their mission is to find weaknesses in information systems and warn their owners so that they can either patch their hole, or hire those hackers to do it for them.
    Whereas Black hat hackers are those that delve in illegal activity such as the ransomware you have mentioned, taking the opportunity to steal corporate secrets and data when they can, and target any weak link that could become profitable for them, either through own-use or sale.
    From your article, it seems that most of the hacking that you are describing is more aligned with the Black hat type, which is why I am shocked to hear that such hacking campaigns are state-sponsored. It is as if these countries are having an invisible war between them, targeting local based corporations. Seeing how hidden it is to the public, I wonder how active the discussion is amongst those that hold political power, to what degree these attacks have been planned out, and if it is all part of a political agenda.
    This is a topic that deserves more spotlight, I believe. Especially in the bigger media companies such as TV news etc.
