Russia accounted for the majority of state-sponsored attacks over the past year, with the SolarWinds attackers dominating threat activity, according to Microsoft data.

The firm’s Digital Defense Report 2021 covers the period from July 2020 to June 2021 and details state and cybercrime activity.

Kremlin-backed raids accounted for 58% of all nation-state attacks during the period, with Nobelium (aka APT29, Cozy Bear) generating the vast majority (92%) of notifications Microsoft made to customers about attacks.

The threat group was responsible for the notorious and highly sophisticated SolarWinds campaign, which compromised at least nine US government departments.

Worryingly, Microsoft claimed that Russian state-backed attacks are increasingly successful: compromise rates jumped from 21% to 31% year on year.

They’re mainly focused on intelligence gathering from government agencies in the US, UK and Ukraine.

After Russia, the largest volume of attacks came from North Korea (23%), Iran (11%), and China (8%). It’s not always about cyber espionage: Iran has ramped up destructive attacks against Israel, while North Korea continues to generate funds by targeting cryptocurrency companies, according to Microsoft.

China appears more traditional in its intelligence-gathering activities. However, it has used a range of previously unidentified vulnerabilities to achieve these ends, particularly the Hafnium attacks on Exchange servers earlier this year.

Source: Infosecurity Magazine