(CNN) Russian military-linked hackers used a critical flaw in Microsoft’s email software to attack — and in some cases infiltrate — the networks of European military, energy and transportation organizations in an apparent espionage campaign that went undetected for months while the war in Ukraine was raging, Microsoft told its customers in a report obtained by CNN.
The report shows how, despite the heightened defensiveness of Western governments and technology companies during the war, Russian hacking can slip under the radar and only come to light months later.
As Russia’s military advance in Ukraine has faltered, Kremlin hacking teams have been combing the networks of Western logistics and transportation companies that support Ukraine’s defenses for information that could translate into a battlefield or geopolitical advantage, according to cybersecurity experts and U.S. officials.
A tip from Ukrainian officials led Microsoft to investigate the cyber activity and discover that the Russian hackers had exploited the previously unknown software flaw between April and December 2022, Microsoft said.
Microsoft made the vulnerability public on Tuesday and urged customers to update their software. Privately, Microsoft told customers that “fewer than 15” organizations were targeted or breached by the Russian agents.
BleepingComputer, a tech news outlet, first reported on the Microsoft advisory to customers.
The hackers used a stealthy technique to steal victim organization credentials and then attempted to dig further into organizations’ email folders, Microsoft told customers. The technology company did not name the targeted organizations.
Microsoft blamed a hacking group that US officials have publicly linked to Russia’s military intelligence agency GRU. US officials have alleged that hackers from the same agency breached the Democratic National Committee’s servers as part of a sweeping effort to undermine Hillary Clinton’s candidacy in the 2016 US presidential election.
Russia has denied that specific claim and other allegations from the US that it carries out cyber attacks. CNN has contacted Microsoft and the Russian Embassy in Washington about Microsoft’s advisory.
U.S. officials braced for potential collateral damage to U.S. organizations from alleged Russian hacking operations in Ukraine and elsewhere during the war, but such ripple effects largely failed to materialize.
Microsoft blamed another GRU-linked hacking team for ransomware attacks on Ukrainian and Polish transportation and logistics organizations in October, but there were no reports of spillovers to other organizations.