Security News > 2021 > October > Never mind Russia: Turkey and Vietnam are Microsoft's new state-backed hacker threats du jour
Iran, Turkey and both North and South Korea are bases for nation-state cyber attacks, Microsoft has claimed - as well as old favourite Russia.
"After Russia, the largest volume of attacks we observed came from North Korea, Iran and China; South Korea, Turkey and Vietnam were also active but represent much less volume," said MS in a post announcing its findings.
The Vietnam-linked group has a track record of not only spying on these but also "Foreign corporations with a vested interest in Vietnam's manufacturing, consumer products, and hospitality sectors", according to Thailand's CERT. "In the last year, espionage, and more specifically, intelligence collection, has been a far more common goal than destructive attacks," said Microsoft in its report, focusing on state threats to cyber security in general rather than Vietnam specifically.
Alongside Vietnam as a newer entrant to the ranks of state-backed threats was Turkey, singled out for hacking Middle Eastern and Balkans telcos.
Microsoft said SeaTurtle was "Most heavily focused on countries of strategic interest to Turkey including Armenia, Cyprus, Greece, Iraq, and Syria," scanning for exploitable remote code vulnerabilities in its targets' networks.
Aside from the state-backed threats, the Microsoft report noted that ransomware criminals were most likely to target retail, financial services, government and healthcare orgs, with the US being their number one target nation.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/10/08/microsoft_digital_defence_report/
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)