(CNN) Hackers linked to the Russian military have targeted – and in some cases successfully infiltrated – the networks of European military, energy and transport organizations in an apparent espionage campaign that went undetected for months as the war raged in Ukraine, Microsoft told its customers in a report obtained by CNN.
The report shows how, despite heightened defensive measures by Western governments and tech companies, Russian hacking can slip under the radar during the war and come to light only months later, if at all.
As the Russian military advance in Ukraine faltered, Kremlin hacking teams scoured the networks of Western logistics and transportation companies that support Ukraine’s defenses for information that cybersecurity experts and US officials say is linked to a battlefield or geopolitical advantage.
A tip from Ukrainian officials prompted Microsoft to investigate the cyber activities and discover that the Russian hackers had exploited a previously unknown flaw in Microsoft’s email software between April and December 2022, according to Microsoft.
Microsoft publicly disclosed the vulnerability on Tuesday and urged customers to update their software. Microsoft privately informed its customers that “less than 15” organizations had been attacked or breached by the Russian agents.
BleepingComputer, a tech news outlet, first reported on Microsoft’s advisory to customers.
The hackers used a stealthy technique to steal login credentials from victim organizations and then attempted to dig further into the organizations’ email folders, Microsoft told customers. The technology company did not name the affected organizations.
Microsoft has blamed a hacking group that US officials have publicly linked to Russia’s GRU military intelligence agency. US officials have claimed that the same agency’s hackers breached the servers of the Democratic National Committee as part of a sweeping attempt to undermine Hillary Clinton’s candidacy in the 2016 US presidential election.
Russia has denied this specific claim and others from the US that it is conducting cyberattacks. CNN has contacted Microsoft and the Russian Embassy in Washington for comment on the Microsoft advisory.
“Microsoft released a security update in March to keep our customers safe and secure,” a Microsoft spokesman said in an emailed statement. “Customers who apply the update or have automatic updates turned on are already protected.”
US officials braced themselves for potential collateral damage to US organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war, but such domino effects have largely failed to materialize.
Microsoft blamed another GRU-affiliated hacking team for ransomware attacks on Ukrainian and Polish transport and logistics companies in October, but there were no reports of the ransomware spreading to other organizations.