Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58pc share, mostly targeting government agencies and think tanks in the United States, the company said.
The devastating effectiveness of the SolarWinds hack, which mainly breached information technology businesses including Microsoft, also boosted Russian state-backed hackers’ success rate to 32pc in the year ending June 30, compared with 21pc in the preceding 12 months.
China accounted for fewer than one in 10 of the state-backed hacking attempts Microsoft detected, but was successful 44pc of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defence Report.
While Russia’s prolific state- sponsored hacking is well known, Microsoft’s report offers unusually specific detail on how it stacks up against that by other US adversaries.
The report also cited ransomware attacks as a serious and growing plague, with the US by far the most-targeted country, hit by more than triple the attacks of the next most targeted nation.
Ransomware attacks are criminal and financially motivated.
By contrast, state-backed hacking is chiefly about intelligence gathering and thus generally tolerated by governments, with US cyber operators among the most skilled.
The report by Microsoft, which works closely with Washington government agencies, does not address US government hacking.
The SolarWinds hack was such an embarrassment to the US government, however, that some Washington legislators demanded some sort of retaliation.
President Joe Biden has had a difficult time drawing a red line for what cyber activity is permissible.
He has issued vague warnings to president Vladimir Putin to get him to crack down on ransomware criminals.
However, several top administration cyber security officials said this week that they have seen no evidence of that.
Overall, nation-state hacking has about a 10pc to 20pc success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit.
“It’s something that’s really important for us to try to stay ahead of – and keep driving that compromised number down – because the lower it gets, the better we’re doing,” Ms Goodwin said.
Ms Goodwin finds China’s “geopolitical goals” in its recent cyber espionage especially notable, including targeting universities in Taiwan and Hong Kong, where resistance to Beijing’s regional ambitions is strong.
Russian hack attempts were up from 52pc in the 2019-20 period as a share of global cyber-intrusion bids detected by the “nation-state notification service” that Microsoft employs to alert its customers.
For the year ending June 30, North Korea was second as country of origin at 23pc, up from less than 11pc previously.
China dipped to 8pc from around 12pc.
Accounting for more than 92pc of the detected Russian activity was the elite hacking team in Russia’s SVR foreign intelligence agency, best known as Cozy Bear.
Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack which badly embarrassed Washington.
Among badly compromised US government agencies was the Department of Justice.