PC keyboard: a weapon in an emergency

Photo: Frank Rumpenhorst/dpa

On Friday, the US company Microsoft, currently the highest valued company in the world, announced a cyber attack on its IT infrastructure by alleged Russian hackers.

The attack was apparently intended for infiltration and information gathering, in short: industrial espionage or sabotage.

So it's business as usual for any larger company, one might think, if there weren't two other aspects at play.

On the one hand, Microsoft traced the attack back to the hacker group Midnight Blizzard, which, according to US information, is close to the Russian foreign intelligence service SVR (Sluzhba vneshney razvedki).

On the other hand, there is the special role that Microsoft plays in the world as a software manufacturer: There is hardly a country in the world where the attack on Microsoft infrastructure is not a systemically important issue.

It was hardly surprising that the report about the cyber attack contained the information that it had been carried out by a “state-sponsored hacker group”.

The twisted formulation is a euphemism that is used to avoid plain language when one cannot or does not want to say publicly what one actually means: an attack on behalf of the state.

Or at least in the sense of a state and sanctioned by it.

Cybercrime and cyberwar: Who is hacking?

In the early days of the digital age, media reports of hacking attacks were common.

There is one main reason why we read about them less often today: cyber attacks are part of everyday life, almost omnipresent.

Most of them are simply criminally motivated, and there are a lot of them.

For example, through phishing, which could also be the issue in the Microsoft case: The company claims that the attack has nothing to do with vulnerabilities in its products or services.

If a hack is not based on vulnerabilities in the code or in the security of services, the vulnerability is usually in front of the computer: By far the most successful cyber attacks are aimed at errors made by users who, for example by clicking on links or attachments in emails, inadvertently allow computer systems to be infected.

There is no email account that does not receive several such phishing emails every day.

Most of them are clumsy, easy to identify and the recipients never even see them - they are filtered out in advance by email services.

Phishing attacks that should be taken seriously are more targeted and usually aim to infiltrate and hijack computers or entire networks.

Often to lock the infected computers and extort a ransom.

There is a particularly large amount to be gained in the banking and financial sector, claims the Anti-Phishing Working Group (APWG), a consortium in which security companies and financial companies are organized.

In the first quarter of 2023 alone, the APWG reports, financial companies accounted for 23.5 percent of all recorded phishing attacks.

How many exactly were there?

Around 380,000 of a total of an incredible 1.6 million targeted attacks in just three months.

This doesn't even begin to describe the extent of phishing, cyberattacks and hacks.

It is clear that attacks motivated by politics, intelligence services or the military are quickly lost in the background noise of these attacks.

And because direct destructive action on the part of the state would today be seen as an act of war, many states resort to another means: hacker groups that act on their behalf or at least with their benevolent tolerance.

Does something like this really happen?

This started at the end of the 1990s at the latest, when more and more state infrastructures were networked via the Internet.

Chinese hacker groups that “took sides” with their state from within the Chinese Internet, which is in fact largely state-controlled, were noticed early on: “State-sponsored” hacking attacks are particularly common in times of international political tensions, crises or wars.

Western media repeatedly report that nations such as China, Russia and North Korea then allow hacking attacks to take place from within their countries.

But the pattern is widespread worldwide.

American hacktivists – politically motivated hackers – also like to attack Russian, Chinese or North Korean infrastructure.

How common are such attacks?

They are definitely not rare.

Between September and November 2023, the American Center for Strategic and International Studies, a think tank close to the US defense industry, documented attacks from the direction of the preferred suspects with the limited vision typical of the camp: eight targeted waves of attacks from China and five from Russia, as well as attacks from Vietnam, North Korea, India and Iran, behind which “state-sanctioned” hackers are suspected.

However, the perpetrators of simultaneous attacks on Russian military IT structures could not be identified.

Describing a hack as “state-sanctioned” is always an implicit accusation, but one that can certainly accurately reflect the reality.

This can, but does not have to, mean that state “sponsorship” of such attacks consists of directly supporting a hacker group.

It is also enough to simply overlook such activities and not punish them because they coincide with the interests of a state.

From the perspective of the person being attacked, one is virtually indistinguishable from the other.

Such attacks, if they are actually supported by the state or at least tolerated, are the lowest-threshold form of “cyberwar” – attacks that cannot be proven to state actors.