Iran, Turkey, Russia, North and South Korea are fundamentals for cyber-attacks of national interest, supports Microsoft.
While more than half of the cyberattacks detected by the Redmond came from Russia, of more interest to the wider world is the information from the US company's annual digital defense report about lesser-known cyberattacks of national interest.
"After Russia, the largest volume of attacks we have seen has come from North Korea, Iran and China. "South Korea, Turkey (a newcomer to our report) and Vietnam were also active countries, but they represent a much smaller volume," Microsoft said in a statement announcing its findings.
The usual suspects in Russia, China and North Korea are mentioned in the report, while Vietnam's APT32 was labeled by Microsoft for targeting "human rights and civil society organizations".
"In the last year, espionage, and more specifically, the collection of information, was a much more common target than traditional destructive attacks,” Microsoft said in its report.
The newest addition to the ranks of state-sponsored threats was Turkey, which stood out for its invasion of telecommunications in the Middle East and the Balkans.
The UNC1326 team (also known as SeaTurtle) was investigated in depth by Cisco Talos in 2019, which noted that SeaTurtle targets "national security organizations in the Middle East and North Africa" and want to gain "persistent access to sensitive networks". and systems ”
Microsoft he says that SeaTurtle "focused more on countries of strategic interest to Turkey, including Armenia, Cyprus, Greece, Iraq and Syria", scanning its target networks for remote code vulnerabilities.
In addition to state-backed hackers, the Microsoft report states that ransomware criminals target retail, financial services, government agencies, and health care, with the United States being their number one target country.
The next unfortunate target countries of ransomware were China, Japan, Germany and the United Arab Emirates.
