16 October 2024

Nation-state hackers increasingly collaborate with cybercrooks to gather intelligence



Microsoft said it observed an increase in cyber activity linked to nation-state actors collaborating with cybercriminals over the past year, targeting critical sectors including military, aerospace, and defense.

According to Microsoft’s report on digital threats, Russian state-backed hacker groups have been outsourcing cyberespionage tasks to cybercriminal groups, particularly those targeting Ukraine. In a June 2024 incident, a suspected cybercrime group deployed commodity malware, compromising at least 50 devices belonging to the Ukrainian military. Nearly 75% of Russian targets were in Ukraine or a NATO member state, Microsoft said.

Iranian nation-state actors have also expanded their tactics, using ransomware as part of influence operations targeting, in particular, Israel. The campaign focused on a compromised Israeli dating website, with the attackers offering to erase individual profiles from their stolen database for a fee. Simultaneously, Iranian actors have exploited both the Israel-Hamas conflict and the Russia-Ukraine war to intensify disinformation campaigns across digital platforms.

North Korea, known for its financially motivated cyberattacks, is now also deploying ransomware as part of its operations. A new North Korean actor was linked to a custom ransomware variant dubbed “FakePenny,” used to target aerospace and defense companies. The attacks focused on exfiltrating sensitive data before locking networks, combining intelligence gathering with monetization efforts.

While China’s cyber operations have not shown significant shifts in geography or targeting tactics, Taiwan and Southeast Asia remain the primary focus. Chinese threat actors have increasingly experimented with artificial intelligence (AI), using AI-generated imagery in disinformation campaigns to influence public perception, though no significant impact has been observed in terms of audience manipulation.

Additionally, Microsoft noted a 2.75x rise in ransomware attacks year-over-year. However, the number of ransomware attacks reaching the encryption stage has dropped threefold, likely due to improved cybersecurity measures. The leading initial access methods remain social engineering tactics, including phishing, identity theft, and exploiting unpatched systems.

Tech scams have also increased 400% since 2022. Microsoft recorded a surge from 7,000 daily scam attempts in 2023 to 100,000 in 2024. Over 70% of malicious infrastructure remains active for less than two hours, complicating detection and response efforts, the company said.

