Iran, Turkey and both North and South Korea are bases for nation-state cyberattacks, Microsoft claims – as is the old favorite Russia.
While more than half of the cyberattacks detected by Redmond originated in Russia, what the US megacorp's annual Digital Defense Report says about lesser-known nation-state cyber attackers is of greater interest to the world.
“After Russia, the largest volume of attacks we observed came from North Korea, Iran and China; South Korea, Turkey (a new participant in our coverage) and Vietnam were also active, but represent a much smaller volume,” MS said in a contribution to the announcement.
While the report highlights the usual suspects of Russia, China and North Korea, Microsoft’s infosec staff singled out Vietnam’s APT32 for targeting “human rights and civil organizations”.
The Vietnam-affiliated group has a track record of spying not only on them, but also “overseas companies with a particular interest in Vietnam’s manufacturing, consumer goods and hospitality industries,” according to CERT in Thailand.
“Over the past year, espionage, and intelligence gathering in particular, has been a far more common target than destructive attacks,” Microsoft said in its report, focusing on government cybersecurity threats in general rather than Vietnam in particular. “While nations other than Iran largely refrain from destructive attacks, they continue to compromise victims who would be prime candidates for destructive attacks if tensions rise to the point where governments make strategic decisions to escalate cyber warfare.”
Alongside Vietnam, Turkey was a new entry in the line of government-backed threats, singled out for hacking telecommunications companies in the Middle East and the Balkans. The threat group UNC1326 (also known as SeaTurtle) was reported on extensively in 2019 by Cisco Talos, which indicated that SeaTurtle was targeting “national security organizations in the Middle East and North Africa” with the aim of gaining “persistent access to sensitive networks and systems”.
Microsoft said SeaTurtle was “most focused on countries of strategic interest to Turkey, including Armenia, Cyprus, Greece, Iraq and Syria” and was looking for exploitable remote code vulnerabilities in the networks of its targets.
Aside from the government-sponsored threats, the Microsoft report found that ransomware criminals are most likely to target retail, financial services, government and health organizations, with the US being their number one target country. The next most unlucky countries for ransomware were China, Japan, Germany, and the United Arab Emirates.
“Less than 20 percent of our customers use strong authentication features like multifactor authentication,” Redmond groaned in its closing remarks, noting that offering MFA for “free” had not led businesses and other organizations to enable it.
If they did, Microsoft believes its security customers would be “protected from over 99 percent of the attacks we see today”. The next time your users moan about password policies, that is worth bearing in mind. ®