(CNN) Military-linked Russian hackers have used a critical flaw in Microsoft’s messaging software to target – and in some cases infiltrate – the networks of European military, energy and transportation organizations in an apparent espionage campaign that went undetected for months as the war in Ukraine raged, Microsoft told its customers in a report obtained by CNN.
The report shows how, despite the heightened defensive posture of Western governments and tech companies during the war, Russian hacking can go unnoticed and come to light, if ever, months after the fact.
As Russian military advances in Ukraine faltered, Kremlin hacking teams scoured the networks of Western logistics and transportation companies supporting Ukraine’s defenses for intelligence that could translate into a battlefield or a geopolitical advantage, according to cybersecurity experts and US officials.
A council of Ukrainian officials led Microsoft to investigate cyber activity and discover that Russian hackers had exploited the previously unknown software flaw between April and December 2022, according to Microsoft.
Microsoft publicly disclosed the vulnerability on Tuesday, urging customers to update their software. Privately, Microsoft told customers that “less than 15” organizations had been targeted or breached by the Russian agents.
BleepingComputer, a technology news outlet, first reported on Microsoft’s advice to customers.
The hackers used a stealthy technique to steal victim organizations’ login credentials, then sought to dig deeper into the organizations’ email records, Microsoft told its customers. The tech company did not name the targeted organizations.
Microsoft blamed a hacking group that US officials have publicly linked to Russia’s GRU military intelligence agency. US officials have alleged that hackers from the same agency hacked into Democratic National Committee servers as part of a broad effort to undermine Hillary Clinton’s bid for the 2016 US presidential election.
Russia has denied this specific allegation and others from the United States that it is carrying out cyberattacks. CNN has contacted Microsoft and the Russian Embassy in Washington about Microsoft’s advice.
US officials braced for potential collateral damage to US organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war, but those ripple effects largely failed to materialize.
Microsoft blamed another GRU-linked hacking team for ransomware attacks on Ukrainian and Polish transportation and logistics organizations in October, but there were no reports of fallout on other organizations.