Cyber actors have become more brazen and aggressive as geopolitical relationships have broken down
Political developments have shaped the priorities of state-sponsored threat groups. Supply chain attacks have increased, with a focus on information technology companies as a way to gain access to their downstream customers.
Nation state groups targeted a range of sectors. Russian and Iranian state actors targeted the IT industry as a means to access the IT firms’ customers. Think tanks, nongovernmental organizations (NGOs), universities, and government agencies remained other common targets of nation state actors.
Russia threatening Ukraine and beyond
Russian state actors launched cyber operations during Russia's invasion of Ukraine. Organizations must take measures to harden their cybersecurity against threats stemming from these actors.
China expanding global targeting
Widespread Chinese threat activity targeted countries globally, especially smaller nations in Southeast Asia, to gain competitive advantage on all fronts.
Iran growing increasingly aggressive
Iranian actors increased cyberattacks against Israel, expanded ransomware attacks beyond regional adversaries to US and EU victims, and targeted high profile US critical infrastructure.
North Korea pursuing the regime’s goals
North Korea targeted defense and aerospace companies, cryptocurrency, news outlets, defectors, and aid organizations, to build defense, bolster the economy, and ensure domestic stability.
IT supply chain as a gateway to the digital ecosystem
IT services providers are being targeted as a means of attacking third parties and gaining access to downstream clients in the government, policy, and critical infrastructure sectors.
The diagram accompanying this section (not reproduced here) depicts NOBELIUM's multi-vectored approach to compromising its ultimate targets and the collateral damage to other victims along the way. In addition to the actions shown in the diagram, NOBELIUM launched password spray and phishing attacks against the entities involved, even targeting the personal account of at least one government employee as another potential route to compromise.
Rapid vulnerability exploitation
Identification and exploitation of previously unknown vulnerabilities has become a key tactic, with exploitation happening increasingly quickly and at massive scale.
On average, it takes only 14 days for an exploit to be available in the wild after a vulnerability is publicly disclosed. The accompanying chart (not reproduced here) analyzes the exploitation timelines of zero-day vulnerabilities, along with the number of systems vulnerable to each exploit and reachable on the internet, measured from the time of first public disclosure.
Cyber mercenaries threaten the stability of cyberspace
A growing industry of private companies is developing and selling advanced tools, techniques, and services to enable their clients (often governments) to break into networks and devices.
Operationalizing cybersecurity for peace and security
We urgently need a consistent, global framework that prioritizes human rights and protects people from reckless state behavior online, to bring stability to cyberspace.