Drew Angerer/Getty Images
show image

Microsoft reveals scale of nation-state attacks targeting customers

More than 8,000 of Microsoft’s enterprise customers have been targeted by nation-state hackers over the past year, new research has revealed.

While the vast majority of incidents were not tied to political meddling, some instances “appear to be related to ongoing efforts to attack the democratic process”, according to Microsoft security chief Tom Burt.

In a blog published on Wednesday (17 July), Burt wrote: “This data demonstrates the significant extent to which nation-states continue to rely on cyber attacks as a tool to gain intelligence, influence geopolitics or achieve other objectives.” Burt did not say how many of the attacks were successful.

Over the last 12 months, the majority of attacks observed by Microsoft’s researchers originated from a small number of threat groups located in Russia, Iran and North Korea.

“We have seen extensive activity from the actors we call Holmium and Mercury operating from Iran, Thallium operating from North Korea, and two actors operating from Russia we call Yttrium and Strontium,” Burt revealed. “Let’s be clear – cyber attacks continue to be a significant tool and weapon wielded in cyber space.”

Strontrium, better known as FancyBear, is arguably the world’s most infamous hacking group. It is believed to be behind the NotPetya virus, VPN Filter and a string of politically-motivated attacks on European government and the US, including the DNC. Holium, meanwhile, is a code name used to refer to Iran’s APT33, a powerful hacking group called out by the US earlier this month for exploiting old Outlook vulnerabilities.

The US and UK have become increasingly vocal in calling out nation-state attacks over the last two years. But efforts to create an international pact on cyber warfare have so far fallen flat. While a cyber security accord launched by France last year attracted more than 50 countries’ signatures, the US, Russia and China all refused to sign up.

Microsoft president Brad Smith, who was one of the original champions of the new set of rules, said responsibility for peace in cyber space extended beyond just the tech industry. “While the tech sector has the first and highest responsibility to protect this technology and the people who rely upon it, this is an issue that requires that governments, companies and civil society come together,” he wrote in November.