The United States, Ukraine, Israel and Taiwan top the list of the countries most targeted by nation-state hacker groups, according to Microsoft’s latest Digital Defense Report.
However, state-sponsored hacker operations grew increasingly global in scope over the last year, particularly expanding in the Global South to more parts of Latin America and sub-Saharan Africa.
The report also notes that Russian and Iranian state-sponsored actors that employed destructive attacks most frequently shifted their focus to cyber espionage campaigns. Microsoft says that 50% of destructive Russian attacks observed against Ukrainian networks occurred in the first six weeks of the war.
In addition to attacks on Ukraine, Russian threat actors intensified cyber operations against Western countries, with 46% of the observed attacks targeting organizations within NATO member states, particularly the United States, United Kingdom, and Poland.
Iranian cyber operations have become more advanced using increasingly sophisticated tradecraft, with threat actors enhancing operations in cloud environments, rolling out an increasing number of custom implants, and becoming faster at exploiting newly released vulnerabilities, according to Microsoft.
North Korean hackers have been observed employing previously undocumented forms of attacks (such as using one supply chain attack to enable another supply chain compromise) and expanded their targets to include organizations in the maritime and shipbuilding sector.
China continues to carry out sophisticated worldwide campaigns targeting US defense and critical infrastructure, nations bordering the South China Sea, and even the country’s strategic partners.
“Chinese state-sponsored cyber activity around the South China Sea reflects Beijing’s strategic goals in the region and heightened tensions around Taiwan. Much of the targeting appears to be for intelligence collection purposes,” the report notes.
Russia, Iran and China have been increasing the scope of their influence operations, with some influence actors increasingly employing AI-generated content in their campaigns. Russia-linked threat groups engaging in influence campaigns continue to try to sow distrust between Ukraine and European partners who support Kyiv and disrupt Western military support, while Chinese-affiliated actors spread anti-US propaganda.
