Russia’s shadow war against Europe has begun as cyber attacks abusing Microsoft infrastructure increase

News
By published

Russian threat actors targeting Microsoft infrastructure to wage its shadow war

Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
(Image credit: Getty Images)

New research from cybersecurity firm Heimdal has showed a huge spike in brute force attacks against corporate and institutional networks across Europe, with most of the attacks originating in Russia.

Brute force attacks are used to gain access to accounts and systems by using trial and error to guess weak passwords.

Article continues below

Cities, companies and infrastructure under attack

Over half of the attacks originate from IP addresses in Moscow, which are then used to target major cities across a range of countries in Europe, including the United Kingdom, Lithuania, Denmark and Hungary.

Worryingly, the rest of the attack IPs originate in Amsterdam and Brussels, with major ISPs such as Telefonica LLC and IPX-FZCO being abused by the threat actors. Research by Heimdal shows that the attacks are actively exploiting Microsoft infrastructure in the Netherlands and Belgium as a means to increase their attack range and success in Europe.

More than 60% of the IPs used to launch attacks are new, with around 65% of them being recently compromised, and the rest being previously abused by the attackers. The threat actors have been observed abusing SMBv1 crawlers, RDP crawlers and RDP alternative port crawlers to crack weak or default credentials.

Some of the motivations behind the attacks include exfiltrating sensitive data, disrupting services, deploying malware, and financial gain. Much of the work performed by the threat actors covers seek-and-destroy, critical asset disruption, and sabotage.

“This data shows that an entity in Russia is waging a hybrid war on Europe, and may have even infiltrated it. The threat actors are aiming to extract as much data or financial means as possible, leveraging Microsoft infrastructure to do so,” Heimdal founder Morten Kjaersgaard said.

“Whoever is responsible, whether it’s the state or another nefarious group, they have no shame in using Russia’s allies to commit these crimes. The exploitation of Indian infrastructure is a strong example. The data also proves these attackers have strong ties with China,” Kjaersgaard concluded.

More from TechRadar Pro

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.