Microsoft: Most of the state hacks came from Russia, China, Iran, and North Korea

Microsoft states in a report that most of the detected state hacks in the past two years were carried out by groups from Russia, China, Iran and North Korea. The United States is said to be the most common target of such hacks.

Microsoft states in its Digital Defense Report, among other things, that the company has observed sixteen different nation-state actors that targeted, for example, individuals and institutions involved in the fight against the coronavirus, such as governmental healthcare organizations. Academic and commercial organizations involved in vaccine development have also been targeted, Microsoft writes.

In its report, Microsoft also describes the activities of these different actors. They use, among other things, spear phishing attacks combined with infected Word files against humanitarian and medical aid organizations. Microsoft is also observing attacks from China and Russia, among others, that are related to this year’s US elections. Several Olympic sports and anti-doping organizations have also been hit by targeted attacks by state hackers.

An overview of different state actors and their activities and targets. Image via Microsoft

The company also states that most state hack targets are outside of countries’ critical infrastructure. “90 percent of the reports we made in the past year are aimed at organizations that are not managing critical infrastructure.” Targets are nongovernmental organizations, interest groups, human rights organizations and think tanks that focus on government policy, for example.

Most of the state hacks were carried out by groups from Russia, China, Iran and North Korea. In addition, 52 percent of all measured activity came from Russia. The US was the most common target: 69 percent of the more than 13,000 nation state notifications issued by Microsoft over the past two years were for US agencies.

State hackers used different types of attacks to hack targets, according to Microsoft’s report. For example, the company saw an increase in the number of password spray attacks, which, according to Microsoft, indicates that state hackers are employing more “sophisticated” reconnaissance tactics. Hackers are said to mainly target the personal e-mail addresses of employees of organizations. Malware, credential harvesting and VPN exploits are regularly deployed by state actors.

Microsoft also discusses various other security developments. For example, in 2019 the company is said to have blocked more than 13 billion emails that contained malware or were suspicious. More than a billion of these contained URLs to phishing websites. In addition, ransomware is said to be the most common reason that Microsoft’s incident response team was called in during the period from October 2019 to July 2020.

According to the company, cyber criminals have also changed their focus. “In recent years, cyber criminals have focused on malware attacks. More recently, they have shifted their focus to phishing attacks as a more direct means of achieving their goal, namely the credentials of people.” According to data from Office 365, such criminals regularly impersonate big brands such as Microsoft itself, but also UPS, Amazon, Apple, or Zoom.

In addition, Microsoft discusses working from home and steps that companies and organizations can take to improve their security. This covers issues such as two-factor authentication, backup strategies and IoT security.