Iran, Turkey, Russia, North and South Korea are bases for cyber-attacks of national interest, supports Microsoft.
While more than half of the cyber-attacks detected by Redmond came from Russia, more information from the US company's annual digital defense report on lesser-known cyber-attacks of national interest is of greater interest to the wider world.
"After Russia, the largest volume of attacks we have seen has come from North Korea, Iran and China. "South Korea, Turkey (a newcomer to our report) and Vietnam were also active countries, but they represent a much smaller volume," Microsoft said in a statement announcing its findings.
The usual suspects in Russia, China and North Korea are mentioned in the report, while Vietnam's APT32 was labeled by Microsoft for targeting "human rights and civil society organizations".
"In the last year, espionage, and more specifically intelligence gathering, has been a much more common target than traditional catastrophic attacks," Microsoft said in a report.
The latest addition to the ranks of state-backed threats was Turkey, which stood out for its intrusion into telecommunications in the Middle East and the Balkans.
The UNC1326 (aka SeaTurtle) group was investigated in depth by Cisco Talos in 2019, whichsignalnot that SeaTurtle is targeting “national organizations better safetyin the Middle East and North Africa” and want to gain “persistent access to sensitive networks and systems”
Microsoft he says that SeaTurtle "focused more on countries of strategic interest to Turkey, including Armenia, Cyprus, Greece, Iraq and Syria", scanning its target networks for remote code vulnerabilities.
Except from hackers supported by the state, Microsoft's report states that criminals of ransomware they target retail, financial services, government and healthcare organizations, with the US being their number one target country.
The next unfortunate target countries of ransomware were China, Japan, Germany and the United Arab Emirates.