Iran, the Turkey, Russia, North and South Korea are bases for cyberattacks of national interest, supports Microsoft.
While more than half of the cyber-attacks detected by Redmond came from Russia, more information from the US company's annual digital defense report on lesser-known cyber-attacks of national interest is of greater interest to the wider world.
"After Russia, the largest volume of attacks we have seen has come from North Korea, Iran and China. "South Korea, Turkey (a newcomer to our report) and Vietnam were also active countries, but they represent a much smaller volume," Microsoft said in a statement announcing its findings.
The usual suspects of Russia, the China and North Korea are mentioned in the report, while Vietnam's APT32 was singled out by Microsoft for targeting "human rights and civil society organizations".
"In the last year, espionage, and more specifically intelligence gathering, has been a much more common target than traditional catastrophic attacks," Microsoft said in a report.
The latest addition to the ranks of state-backed threats was Turkey, which stood out for its intrusion into telecommunications in the Middle East and the Balkans.
The UNC1326 (aka SeaTurtle) group was investigated in depth by Cisco Talos in 2019, whichsignalSeaTurtle is targeting "national security organizations in the Middle East and North Africa" and they want to gain "persistent access to sensitive networks and systems"
Microsoft he says that SeaTurtle "focused more on countries of strategic interest to Turkey, including Armenia, Cyprus, Greece, Iraq and Syria," scanning for remote vulnerabilities code the networks of its targets.
In addition to state-backed hackers, the Microsoft report states that ransomware criminals target retail, financial services, government agencies, and health care, with the United States being their number one target country.
The next unfortunate target countries of ransomware were China, Japan, Germany and the United Arab Emirates.