Microsoft: Nation-state activity merging with cybercrime

In Microsoft’s fifth annual “Digital Defense Report,” the tech giant highlighted the increasing convergence of nation-state threat activity with financially motivated cybercrime, particularly by countries such as Russia and Iran. The report, covering trends observed between July 2023 and June 2024, delves into various cybersecurity issues ranging from fraud to ransomware.

One notable trend identified by Microsoft is the utilization of cybercriminal tools and tactics by state-sponsored actors. This blurring of lines between nation-state activity and cybercrime is concerning, as it raises the complexity and severity of cyber threats. Microsoft noted instances where nation-state actors engaged in operations for financial gain, collaborated with cybercriminals to gather intelligence, and employed malware commonly associated with criminal activity.

For example, Russia has been incorporating commodity malware like Xworm and Remcos remote access Trojans into its cyber arsenal. In a specific incident highlighted in the report, a state-sponsored group affiliated with Russia’s Federal Security Service leveraged these tools to compromise Ukrainian military devices. Furthermore, Microsoft observed instances where compromised devices were passed on to independent cybercriminal gangs for further exploitation, highlighting a worrying trend of collaboration between state and criminal actors.

Iran was also cited for engaging in financially motivated cyber operations, signaling a shift from its previous focus on destructive attacks. One group, tracked as Cotton Sandstorm, was found to be selling stolen data from an Israeli dating website, showcasing a new facet of Iran’s cyber activities. Additionally, Iranian APT groups have been linked to ransomware attacks and to acting as access brokers, according to warnings from cybersecurity agencies.

North Korea, known for its state-sponsored cyber activities aimed at financial gain, has been estimated to have stolen billions in cryptocurrency since 2017. Microsoft disclosed the discovery of a new North Korean-backed ransomware actor named Moonstone Sleet, which developed a custom ransomware variant deployed in aerospace and defense organizations. This highlights the evolving strategies of state-sponsored actors in pursuing intelligence gathering and monetization through cyber means.

In light of these escalating threats, Microsoft emphasized the need for a comprehensive approach to deterrence. The company called for a combination of technological defenses and geopolitical strategies to prevent intrusions and impose consequences on malicious actors. While companies play a key role in fending off attacks, Microsoft stressed the importance of government intervention in enforcing international rules and imposing deterrent measures.

Microsoft proposed several recommendations under three pillars to bolster cybersecurity defenses: strengthening international norms and diplomacy, enhancing government attributions of malicious activity, and implementing deterrent measures. To achieve these goals, Microsoft suggested introducing new norms in international forums, fostering inclusive diplomatic processes, and establishing bilateral agreements to combat state-backed cyber threats.

The findings of Microsoft’s report underscore the evolving landscape of cyber threats, where nation-states increasingly leverage cybercriminal tactics for their strategic objectives. As the digital realm becomes more interconnected, collaboration between governments, private sector entities, and cybersecurity experts is crucial to safeguarding against sophisticated cyber threats.
