Russia’s shadow war against Europe has begun as cyber attacks abusing Microsoft infrastructure increase

News
By published

Russian threat actors targeting Microsoft infrastructure to wage its shadow war

Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
(Image credit: Getty Images)

New research from cybersecurity firm Heimdal has showed a huge spike in brute force attacks against corporate and institutional networks across Europe, with most of the attacks originating in Russia.

Brute force attacks are used to gain access to accounts and systems by using trial and error to guess weak passwords.

Russian threat actors have been abusing this technique to exploit Microsoft infrastructure in an effort to avoid detection, with attacks occurring since as early as May 2024 but may have been happening earlier.

Cities, companies and infrastructure under attack

Over half of the attacks originate from IP addresses in Moscow, which are then used to target major cities across a range of countries in Europe, including the United Kingdom, Lithuania, Denmark and Hungary.

Worryingly, the rest of the attack IPs originate in Amsterdam and Brussels, with major ISPs such as Telefonica LLC and IPX-FZCO being abused by the threat actors. Research by Heimdal shows that the attacks are actively exploiting Microsoft infrastructure in the Netherlands and Belgium as a means to increase their attack range and success in Europe.

More than 60% of the IPs used to launch attacks are new, with around 65% of them being recently compromised, and the rest being previously abused by the attackers. The threat actors have been observed abusing SMBv1 crawlers, RDP crawlers and RDP alternative port crawlers to crack weak or default credentials.

Some of the motivations behind the attacks include exfiltrating sensitive data, disrupting services, deploying malware, and financial gain. Much of the work performed by the threat actors covers seek-and-destroy, critical asset disruption, and sabotage.

“This data shows that an entity in Russia is waging a hybrid war on Europe, and may have even infiltrated it. The threat actors are aiming to extract as much data or financial means as possible, leveraging Microsoft infrastructure to do so,” Heimdal founder Morten Kjaersgaard said.

“Whoever is responsible, whether it’s the state or another nefarious group, they have no shame in using Russia’s allies to commit these crimes. The exploitation of Indian infrastructure is a strong example. The data also proves these attackers have strong ties with China,” Kjaersgaard concluded.

More from TechRadar Pro

Benedict Collins
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Russia
Major Russian hacking group shifts focus to US and UK targets
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Huge cyber attack under way - 2.8 million IPs being used to target VPN devices
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Russian flag on a laptop
Hackers are using Russian domains to launch complex document-based phishing attacks
A red padlock image against a digital map of the earth in blue.
Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
More about pro
A hand holding an iPhone with the iCloud logo on screen.

"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
Best email services: image of email with one unread message alert

Over 400 million unwanted and malicious emails were received by businesses in 2024
Three iPhone 16 handsets on show

Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
See more latest
Most Popular
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
A hand holding an iPhone with the iCloud logo on screen.
"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
Ray-Ban smart glasses with the Cpperni logo, an LED array, and a MacBook Air with M4 next to ecah other.
ICYMI: the week's 7 biggest tech stories from Twitter's massive outage to iRobot's impressive new Roombas
A hand reaching out to touch a futuristic rendering of an AI processor.
Researchers want to embrace Arm's celebrated paradigm for a universal generative AI processor; a puzzling MEGA.mini core architecture
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof