Cyberattacks around the world are less destructive and more focused on espionage operations, in the wake of the war in Ukraine and the tightening of global geopolitics, says a Microsoft report released Thursday.
According to the “Microsoft digital defense report” (MDDR) of the American group, the cyber activities of States and private actors affiliated with them “have abandoned destructive attacks – intended to directly harm the target – for a year in favor of large-scale campaigns of espionage”, much more difficult to perceive.
The activists supported by Moscow and Tehran “increased their capacity to collect” information, specifies the document, noting that “nearly 50% of the destructive Russian attacks observed against Ukrainian networks occurred in the first six weeks of the war” before declining.
“Manipulate opinions”
The American web giant highlights the growing link between cyber operations and propaganda. With the aim of “manipulating global and national opinions to weaken the democratic institutions” of their adversaries, in particular by exploiting existing societal fractures.
In this regard, the expansion of Russian cyber activities suggests that “any government […] or essential infrastructure of a country that provides political, military or humanitarian assistance to Ukraine” is at risk of being targeted. While 48% of Russian attacks targeted targets in Ukraine, a third of them were directed against NATO countries, including the United States, Britain and Poland.
In its review of the United States’ adversaries, Microsoft notes that “Chinese state-sponsored cyber activity around the South China Sea reflects Beijing’s strategic objectives in the region and has increased tensions with Taiwan.” But many operations “appear linked to intelligence collection objectives”.
Rise of Iran and North Korea
The company notes that both Iran and North Korea “have demonstrated greater sophistication in their cyber operations, narrowing the gap” with the great powers that are, in this area, China and Russia.
Tehran is thus showing increased aggressiveness against what it “perceives as the efforts of Western powers to foment unrest” in Iran, while strengthening its coordination with Moscow.
As for North Korea, its operations aim to “collect intelligence on the political projects of these adversaries, […] the military capabilities of other countries in order to improve their own, and steal cryptocurrencies to finance the state.”
The MDDR finally warns of the growing coordination between States and “hacktivists” as the conflict in Ukraine progresses, and the global proliferation of non-state actors that it describes as “cyber mercenaries”.
“The massive growth of this market poses a real threat to democracy, global stability and the security of the online environment. »