Microsoft Security

Nation State Threats

Develop your response to evolving nation state threats.

Cyber actors have become more brazen and aggressive as geopolitical relationships have broken down

Political developments have shaped the priorities of state-sponsored threat groups. Supply chain attacks have increased, with a focus on information technology companies as a means of gaining access to downstream customers.

A diagram showing industry sectors targeted by nation state actors

Nation state groups targeted a range of sectors. Russian and Iranian state actors targeted the IT industry as a means to access the IT firms’ customers. Think tanks, nongovernmental organizations (NGOs), universities, and government agencies remained other common targets of nation state actors.

Russia threatening Ukraine and beyond

Russian state actors launched cyber operations during Russia's invasion of Ukraine. Organizations must take measures to harden cybersecurity against threats stemming from these actors.

China expanding global targeting

Widespread Chinese threat activity targeted countries globally, especially smaller nations in Southeast Asia, to gain competitive advantage on all fronts.

Iran growing increasingly aggressive

Iranian actors increased cyberattacks against Israel, expanded ransomware attacks beyond regional adversaries to US and EU victims, and targeted high-profile US critical infrastructure.

North Korea pursuing the regime’s goals

North Korea targeted defense and aerospace companies, cryptocurrency, news outlets, defectors, and aid organizations, to build defense, bolster the economy, and ensure domestic stability.

IT supply chain as a gateway to the digital ecosystem

IT services providers are being targeted to attack third-party targets and gain access to downstream clients in government, policy, and critical infrastructure sectors.

A diagram showing two approaches to compromise

This diagram depicts NOBELIUM’s multi-vectored approach to compromising its ultimate targets and the collateral damage to other victims along the way. In addition to the actions shown above, NOBELIUM launched password spray and phishing attacks against the entities involved, even targeting the personal account of at least one government employee as another potential route to compromise.

Rapid vulnerability exploitation

Identification and exploitation of previously unknown vulnerabilities has become a key tactic, with exploitation happening increasingly quickly and at massive scale.

A diagram outlining speed and scale of vulnerability commoditization

On average, it takes only 14 days for an exploit to be available in the wild after a vulnerability is publicly disclosed. This view provides an analysis of the timelines of exploitation of zero-day vulnerabilities, along with the number of systems vulnerable to the given exploit and active on the internet from the time of first public disclosure.

Cyber mercenaries threaten the stability of cyberspace

A growing industry of private companies is developing and selling advanced tools, techniques, and services to enable their clients (often governments) to break into networks and devices.

Operationalizing cybersecurity for peace and security

We urgently need a consistent, global framework that prioritizes human rights and protects people from reckless state behavior online, to bring stability to cyberspace.

Explore other critical focus areas

The State of Cybercrime

Cybercrime continues to rise, driven by increases in both random and targeted attacks. Attack methods have evolved to create increasingly diverse threats.

Devices and Infrastructure

As organizations harness advances in computing capability and entities digitize to thrive, the attack surface of the digital world is exponentially increasing.

Cyber Influence Operations

Today’s foreign influence operations utilize new methods and technologies, making their campaigns designed to erode trust more efficient and effective.

Cyber Resilience

As threats in the cyber landscape increase, building cyber resilience into the fabric of the organization is as crucial as financial and operational resilience.

Read the report and connect with us
