Microsoft: attacks from Russian nation-state actors are increasingly effective

Russia is responsible for 58% of all nation-state attacks observed by Microsoft, the company claims in its second annual Digital Defence Report.

“Attacks from Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate last year to a 32% rate this year,” the company claims.

According to Microsoft, Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense.

The top three countries targeted by Russian nation-state actors were the United States, Ukraine, and the UK.

However, Russia is not the only nation-state actor working to evolve its approaches. The largest volume of attacks Microsoft observed came from North Korea, Iran, and China. South Korea, Turkey (a new entrant to Microsoft’s reporting), and Vietnam were also active, but attacks carried out by groups attributed to these countries were much lower in volume.

Espionage is still the most common goal for nation-state attacks. However, some attacker activities reveal other purposes. For example, Iran quadrupled its malicious campaigns targeting Israel in the past year and launched destructive attacks amid heightened tensions between the two countries.

North Korea targeted cryptocurrency companies for profit as sanctions and Covid-19 decimated its economy.

“21% of attacks we observed across nation-state actors targeted consumers and 79% targeted enterprises with the most targeted sectors being government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%) and media (1%),” Microsoft said in its report.

Information collection is another common goal for nation-state cyberattacks. Several Chinese actors have used a range of previously unidentified vulnerabilities. HAFNIUM targeted on-premises Exchange Servers. Also, Microsoft detected and reported a Pulse Secure VPN zero-day and a SolarWinds zero-day earlier this year, both being exploited by Chinese actors.

In total, Microsoft notified customers 20,500 times about attempts by all nation-state actors to breach their systems in the past three years. The company emphasized that it does not observe every global cyberattack.

In the report, Microsoft also put an emphasis on cybercrime, claiming that it - especially ransomware - remains “a serious and growing plague,” adding that in the past year, the “cybercrime-as-a-service” economy transitioned from a nascent but rapidly growing industry to a mature criminal enterprise.

“Today, anyone, regardless of technical knowledge, can access a robust online marketplace to purchase the range of services needed to execute attacks for any purpose,” the company claimed.
