Iran, Turkey, Russia, North and South Korea are bases for cyber-attacks of national interest, supports Microsoft.
While more than half of the cyber-attacks detected by Redmond came from Russia, more information from the US company's annual digital defense report on lesser-known cyber-attacks of national interest is of greater interest to the wider world.
"After Russia, the largest volume of attacks we have seen has come from North Korea, Iran and China. "South Korea, Turkey (a newcomer to our report) and Vietnam were also active countries, but they represent a much smaller volume," Microsoft said in a statement announcing its findings.
The usual suspects in Russia, China and North Korea are mentioned in the report, while Vietnam's APT32 was labeled by Microsoft for targeting "human rights and civil society organizations".
"In the last year, espionage, and more specifically intelligence gathering, has been a much more common target than traditional catastrophic attacks," Microsoft said in a report.
The latest addition to the ranks of state-backed threats was Turkey, which stood out for its intrusion into telecommunications in the Middle East and the Balkans.
The UNC1326 team (also known as SeaTurtle) was investigated in depth by Cisco Talos in 2019, which noted that SeaTurtle targets "national security organizations in the Middle East and North Africa" and want to gain "persistent access to sensitive networks". and systems ”
Microsoft he says that SeaTurtle "focused more on countries of strategic interest to Turkey, including Armenia, Cyprus, Greece, Iraq and Syria", scanning its target networks for remote code vulnerabilities.
In addition to state-backed hackers, the Microsoft report states that ransomware criminals target retail, financial services, government agencies, and health care, with the United States being their number one target country.
The next unfortunate target countries of ransomware were China, Japan, Germany and the United Arab Emirates.