Microsoft’s new Digital Defense Report finds that Federal agencies and organizations have been the most targeted sector by cyber threat actors since the middle of last year, and that attacks emanating from Russia have been the most frequent.
The report details worldwide cyber threat activity from July 2020 through June of 2021. It found that 48 percent of all these attacks involved government-related targets, with the United States facing nearly half – 46 percent – of all cyberattacks.
“The Microsoft Threat Intelligence Center (MSTIC) and the Digital Security Unit (DSU) have observed that most nation state actors continue to focus operations and attacks on government agencies, intergovernmental organizations (IGOs), nongovernmental organizations (NGOs), and think tanks for traditional espionage or surveillance objectives,” the report states.
These targeted organizations often hold information relevant to an adversary government’s intelligence needs, and an increased reliance on virtual private networks and virtual private servers for remote work has given threat actors new vectors to conduct attacks, the report says.
Among adversarial nation states, the report identifies Russia as the main culprit for cyberattacks – accounting for 58 percent of all cyberattacks against Microsoft customers. Nine Federal agencies were attacked by threat actors with ties to Russia late last year, the report finds.
Higher-profile attacks against the U.S. include the SolarWinds software supply chain hack and the Colonial Pipeline ransomware attack. Both have helped spur U.S. government policy reactions in the form of the Biden administration’s cybersecurity executive order and Cybersecurity and Infrastructure Security Agency (CISA) steps to better protect critical infrastructure targets.
“Russia-based threat activity dominated this year, driven by NOBELIUM’s large-scale targeting,” the report states. “NOBELIUM, and its aggressive targeting of IT service providers and Western government institutions, catapulted Russia to the top spot for countries where attacks originated this year.”
NOBELIUM, the report says, was responsible for 92 percent of notifications to Microsoft customers about Russia-based threat activity. The group relies on a high volume of attacks, each with a low percentage of success.