Nation-state cyberattacks are becoming more frequent and complex, with hackers increasingly targeting private companies and non-governmental organizations (NGOs), according to the latest Microsoft Digital Defense Report.
While cybercriminals remain the largest threat by volume, Microsoft said state-sponsored hackers continue to focus on espionage and, in some cases, financial gain.
“Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia,” said Amy Hogan-Burney, corporate vice president of Customer Security & Trust at Microsoft, in a blog post.
The report found that China, Iran, Russia, and North Korea are among the countries most actively conducting cyber operations.
China’s state-linked groups are targeting multiple industries to conduct espionage and steal sensitive data. Microsoft said Chinese actors have been attacking NGOs to gather intelligence and are exploiting vulnerable internet-connected devices to gain access while avoiding detection. These groups are also becoming faster at taking advantage of newly discovered software flaws.
Iranian hackers have widened their scope, targeting organizations from the Middle East to North America. The report cited recent attacks by three Iranian state-affiliated groups on shipping and logistics companies in Europe and the Persian Gulf. Microsoft said these attacks could be an attempt to keep access to company data or to prepare for possible disruptions in shipping operations.
Russia’s cyber operations remain focused on the war in Ukraine but are also extending to other targets. Microsoft observed Russian actors attacking small businesses in countries supporting Ukraine, possibly using them as entry points to larger organizations. The report said all 10 countries most affected by Russian cyber activity outside Ukraine are members of the North Atlantic Treaty Organization (NATO), a 25% increase compared to the previous year.
Microsoft also noted that Russian groups are increasingly working with the bigger cybercriminal ecosystem to carry out their operations.
North Korean hackers continue to pursue cyber activities to generate income and gather intelligence. The report said thousands of state-linked North Korean IT workers are applying for remote jobs worldwide, funneling their earnings back to the regime. In some cases, when their activities are discovered, these workers resort to extortion to keep the money flowing.
“The cyber threats posed by nation-states are becoming more expansive and unpredictable,” Hogan-Burney said.
Microsoft warned that the growing collaboration between nation-state actors and cybercriminals makes it harder to trace attacks and identify the perpetrators. The company urged organizations to stay informed about emerging threats, strengthen cybersecurity measures, and work closely with both industry peers and governments to address the risks posed by state-sponsored hackers.