In the attack on Microsoft, a Russian cyber unit was looking for information about itself. Possibly because Microsoft is involved in Ukraine.
IT companies like Microsoft have become worthwhile targets for secret services because they hold valuable intelligence information.
David Paul Morris / Bloomberg
Of all companies, Microsoft. The tech giant was the victim of a cyber attack in recent weeks, it announced on Friday. Microsoft has massively expanded the IT security area in recent years and is now one of the important providers of security solutions. The successful attack is therefore disturbing and remarkable – also because it highlights a trend in counterintelligence. Tech companies have now become opponents of secret services from Russia and China.
Questions about security at Microsoft arose back in the summer when suspected Chinese state attackers were able to access emails from American authorities in the Microsoft cloud. The circumstances of the Russian attack now strongly point to inadequate security precautions.
The inspiration was an outdated test account that was no longer used. The account appeared to have a weak password and was not protected by two-factor authentication. In its blog entry on the attack, the IT company also admits that the current internal security requirements are not always adhered to on old systems.
Spies wanted to know what Microsoft knew about them
Such deficiencies make it easy for state attackers with their vast resources. The APT 29 (“Cozy Bear”) group of the Russian foreign intelligence service SWR, which Microsoft says is behind the attack, was not targeting customer data stored on Microsoft servers, but rather Microsoft’s internal information.
The APT 29 group gained access to email accounts of some senior management team members and cybersecurity employees. APT 29 was initially concerned with obtaining information about itself. The Russian spies obviously wanted to know how much Microsoft knew about them.
Thanks to their systems, companies like Google, Microsoft and Cisco often see the activities of state attackers earlier and more comprehensively than intelligence services do. Their extensive knowledge of state cyber units is therefore important for counterintelligence. Accordingly, there are also collaborations with government agencies. It is therefore no coincidence that the Russian foreign secret service is now interested in the knowledge of a large IT security company.
Political neutrality no longer exists for IT security companies. They also publish a lot of information about the espionage activities of states such as Russia, China and Iran. On the other hand, there is hardly ever a report on Western cyber operations. And if so, crucial details are missing. This was the case in 2021, for example, when Google made a Western cyber operation public, but did not name the aim of the operation or the technical infrastructure used.
Microsoft helps Ukraine defend against Russian cyberattacks
The situation has become even worse with the war in Ukraine. Western IT companies are at the forefront when it comes to protecting Ukrainian IT systems and fending off Russian cyberattacks. Microsoft has made numerous services available to Ukraine free of charge. In the area of IT security, this includes AI functions for detecting cyberattacks, which in turn gave Microsoft the opportunity to test them under real conditions. Such information can also be of interest to Russia.
The Russian cyber attack on Microsoft confirms the new reality: IT security companies have become worthwhile targets for secret services because they hold valuable intelligence information. With the intensifying conflict between the West and the axis of China, Russia, Iran and North Korea, this problem is becoming even greater.