Nation-State Cyber Attacks – Recent Trends

Nation-State Cyber Attacks – Recent Trends


This post is also available in: heעברית (Hebrew)

Russia accounted for 58% of nation-state cyberattacks observed in the past year, according to a recent Microsoft study. Most of these attacks targeted government agencies involved in foreign policy, national security, or defense.

Covering the period from July 2020 to June 2021, the Microsoft Digital Defense Report 2021 

claims that attacks from Russian nation-state actors are “increasingly effective,” jumping from a 21% successful compromise rate last year to a 32% rate this year. Also, the rate of targeting government agencies for intelligence gathering has climbed from 3% of their targets a year ago to 53% in 2021.

Which other players were behind cyber attacks? After Russia, the largest volume of attacks have come from North Korea (23%), followed by Iran (11%), China (8%), and South Korea, Vietnam, Vietnam, and Turkey (a new entrant) all with less than 1% representation. 

Interested in learning more about defensive and offensive cyber? Attend INNOTECH 2021 Cyber, HLS, and Innovation Event at Expo Tel Aviv, Nov. 17-18.

The top three countries targeted by Russian nation-state actors were the U.S., Ukraine, and the UK.

While espionage is the most common goal for nation-state attacks, some attacker activities reveal other goals, including Iran, which quadrupled its targeting of Israel in the past year, according to citing the report.

Meanwhile, China is also using its intelligence gathering for a variety of purposes and has been targeting entities in India, Malaysia, Mongolia, Pakistan, and Thailand to glean social, economic, and political intelligence about its neighboring countries.

Cybercrime – especially ransomware – remains a serious and growing plague in this year’s report. The top five industries targeted in the past year based on ransomware engagements by Microsoft’s Detection and Response Team (DART) are consumer retail (13%), financial services (12%), manufacturing (12%), government (11%), and health care (9%). 

The U.S. is by far the most targeted country, receiving more than triple the ransomware attacks of the next most targeted nation. The U.S. is followed by China, Japan, Germany, and the United Arab Emirates (UAE).