Connect with us

Hi, what are you looking for?



Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says.

The US, Ukraine, and Israel remain the most frequent targets of cyberespionage and cybercrime attacks out of a total of 120 attacked countries, Microsoft says in a new report.

The observed attacks, the tech giant says, were fueled by nation-state spying and influence operations, and more than 40% of the observed attacks targeted critical infrastructure organizations. At times, NATO member states were at the receiving end of half of the observed cyberattacks.

“While headline-grabbing attacks from the past year were often focused on destruction or financial gain with ransomware, data shows the predominant motivation has swung back to a desire to steal information, covertly monitor communication, or to manipulate what people read,” Microsoft notes.

According to the company’s latest Digital Defense Report (PDF – direct download), between July 2022 and June 2023, Russian spy agencies have intensified their attacks in support of the war in Ukraine, while Iranian threat actors have been amplifying manipulative campaigns and targeting sensitive networks for espionage.

Russia and China too have been increasing the scope of their influence operations, the former to intimidate global Ukrainian communities, and the latter to spread covert anti-US propaganda, directly targeting global Chinese-speaking and other communities.

According to the tech giant’s report, state-sponsored threat actors are increasingly employing propaganda to undermine democratic institutions and manipulate national and global opinion.

China has expanded state-sponsored cyberespionage campaigns fueling its Belt and Road Initiative or targeting US military, key facilities, and critical infrastructure, while North Korean hackers were seen targeting a submarine technology company, while continuing to engage in cryptocurrency theft.

“While the US, Ukraine, and Israel continue to be most heavily attacked, the last year has seen an increase in the global scope of attacks. This is particularly the case in the Global South, especially Latin America and sub-Saharan Africa. Iran increased its operations in the Middle East. Organizations involved in policymaking and execution were among the most targeted, in line with the shift in focus to espionage,” Microsoft says.

Advertisement. Scroll to continue reading.

According to the tech giant’s report, state-sponsored threat actors are increasingly employing propaganda to undermine democratic institutions and manipulate national and global opinion.

Microsoft also observed that threat actors are using AI to improve influence operations, but notes that the technology is crucial for defense and for automating and augmenting detection, analysis, response, and prediction.

Since September 2022, Microsoft says, there has been a 200% increase in human-operated ransomware attacks, targeting organizations with customized ransom demands. Since November 2022, the instances of data exfiltration following compromise have doubled, Microsoft’s report shows.

The tech giant also notes that more than 80% of all observed compromises originated from unmanaged or bring-your-own devices and that ransomware operators are exploiting flaws in less common software, to avoid prediction.

The report also shows that the number of password-based and multi-factor authentication (MFA) fatigue attacks has increased. Over the past year, Microsoft observed roughly 6,000 MFA fatigue attempts per day and, in 2023, an average of 4,000 password attacks per second.

Related: ICS Computers in Western Countries See Increasing Attacks: Report

Related: Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

Related: Mandiant 2023 M-Trends Report Provides Factual Analysis of Emerging Threat Trends

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.