Russia accounted for 52% of all state-sponsored hacking attacks against the world over a one year period, said a new report from the Microsoft Corporation unit assisting the U.S. Department of Defense thwart these relentless Russian assaults.
Analysis from the Microsoft Threat Intelligence Center (MSTIC) revealed three other states apart from Russia conducted practically all of the attacks it monitored between July 2019 and June 2020.
MSTIC's "Digital Defense Report" also revealed Iran is the second most active against the world with 25% of all attacks monitored. Next in line was China with 12% of attacks followed by North Korea with 11%.
The United States, however, was the prime target of all these four adversary nations. The MSTIC report said 69% of targets were located in the U.S. The United Kingdom is the next most popular victim, being hit 19% of the time. Canada, South Korea and Saudi Arabia are the next most popular targets by state-sponsored hackers.
MSTIC focuses on three U.S. adversaries. One MSTIC group keeps tabs on Russian hackers working under the code-name Strontium. Another group tracks North Korean hackers code-named Zinc. The third group tracks Iranian hackers code-named Holmium.
In September, MSTIC said Strontium attacked over 200 U.S. organizations including political campaigns, advocacy groups, parties and political consultants ahead of the U.S. presidential election in November.
MSTIC tracks over 70 code-named government-sponsored threat groups and many others that are unnamed.
Surprisingly, most of Russian cyber intrusions were directed against non-governmental organizations (NGOs). MSTIC said 90% of attacks hit "NGOs, advocacy groups, human rights organizations and think tanks focused on public policy, international affairs or security."
MSTIC said by targeting these groups, hacker countries hope to influence government policy through subtler means, instead of than targeting infrastructure directly.
"Microsoft observed 16 different nation-state actors either targeting customers involved in the global COVID-19 response efforts or using the crisis in themed lures to expand their credential theft and malware delivery tactics," said Microsoft corporate VP Tom Burt.
"These COVID-themed attacks targeted prominent governmental health care organizations in efforts to perform reconnaissance on their networks or people. Academic and commercial organizations involved in vaccine research were also targeted."
MSTIC said hackers from China concentrate their efforts on medical institutions in the U.S. and Asia to steal proprietary information related to research on COVID-19 cures. Russia has also stolen secret research on coronavirus vaccines from laboratories in the United Kingdom.
MSTIC said the most common tactics of the hackers include gathering information, such as the passwords and addresses of email accounts. Hackers also infecting systems with malware and are "consistently targeting and frequently compromising outdated and unpatched VPN infrastructure".
