Security Experts:

Connect with us

Hi, what are you looking for?



Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft

According to Microsoft’s 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies.

According to Microsoft’s 2022 Digital Defense Report, nation-state hacker attacks on critical infrastructure have soared, largely due to Russian cyber operations targeting Ukraine and its allies.

Between June 2020 and June 2021, 20% of all nation-state attacks observed by Microsoft were aimed at critical infrastructure. That percentage increased to 40% in the period between July 2021 and June 2022.

Critical infrastructure attacks seen by Microsoft

Many of the state-sponsored attacks targeting critical infrastructure in the past year have been attributed by the tech giant to Russia. Unsurprisingly, Russia has increasingly targeted Ukrainian critical infrastructure with cyberattacks meant to cause damage and disruption — this was done to complement its physical military action.

During this period, the world learned about the existence of two sophisticated pieces of malware designed to target industrial control systems (ICS). They have been named Pipedream (Incontroller) and Industroyer2, and they have both been linked to Russia.

In addition, the United States and other Ukrainian allies — many of them NATO countries — have also been increasingly targeted as part of espionage operations.

“Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms’ government agency customers in NATO member countries. 90% of Russian attacks we detected over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries,” Microsoft said.

Other critical infrastructure sectors targeted by threat actors include financial services, transportation systems, and communications infrastructure.

Russia was not the only nation state targeting critical infrastructure. Iran has increasingly targeted the IT industry, as well as other critical infrastructure sectors, including in the United States.

“Iranian actors escalated bold attacks following a transition of presidential power. They launched destructive attacks targeting Israel, and ransomware and hack-and-leak operations beyond regional adversaries to US and EU victims, including US critical infrastructure targets like port authorities. In at least one case, Microsoft detected an attack disguised as a ransomware attack that was intended to erase Israeli data. In another, an Iranian actor executed an attack that set off emergency rocket sirens in Israel,” Microsoft said.

North Korea has continued targeting financial and technology companies in an effort to steal cryptocurrency.

Microsoft has also seen China expanding its global cyberespionage operations. Chinese threat actors often rely on zero-day vulnerabilities to achieve their goals, and Microsoft believes that a law requiring Chinese entities to report discovered vulnerabilities to the government may significantly contribute to this.

“The increased use of zero days over the last year from China-based actors likely reflects the first full year of China’s vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority,” the company said.

Microsoft’s report also provides data on cybercriminal activity, influence operations, device and infrastructure attacks and threats, and cyber resilience. The full Microsoft Digital Defense Report 2022 is available in PDF format.

Related: Iranian Group Targeting Israeli Shipping and Other Key Sectors

Related: Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...