X
    Categories: 2021

Never mind Russia: Turkey and Vietnam are Microsoft’s new state-backed hacker threats du jour

The Register

Never mind Russia: Turkey and Vietnam are Microsoft's new state-backed
hacker threats du jour

[It isn't just the big dogs preparing to bite, warns Redmond]

By Gareth Corfield
Oct. 8, 2021

Iran, Turkey and both North and South Korea are bases for nation-state
cyber attacks, Microsoft has claimed – as well as old favourite
Russia.

While more than half of cyberattacks spotted by Redmond came from
Russia, of more interest to the wider world is information from the US
megacorp's annual Digital Defence Report about lesser-known nation
state cyber-attackers.

"After Russia, the largest volume of attacks we observed came from
North Korea, Iran and China; South Korea, Turkey (a new entrant to our
reporting) and Vietnam were also active but represent much less
volume," said MS in a post announcing its findings.

While the usual suspects of Russia, China and North Korea are
highlighted in the report, Vietnam's APT32 was highlighted by
Microsoft's infosec people for targeting "human rights and civil
organisations."

The Vietnam-linked group has a track record of not only spying on
these but also "foreign corporations with a vested interest in
Vietnam's manufacturing, consumer products, and hospitality sectors",
according to Thailand's CERT.

"In the last year, espionage, and more specifically, intelligence
collection, has been a far more common goal than destructive attacks,"
said Microsoft in its report, focusing on state threats to cyber
security in general rather than Vietnam specifically. "While nations
other than Iran mostly refrained from destructive attacks, they did
continue to compromise victims that would be prime candidates for
destructive attacks if tensions increased to the point where
governments made strategic decisions to escalate cyber warfare."

Alongside Vietnam as a newer entrant to the ranks of state-backed
threats was Turkey, singled out for hacking Middle Eastern and Balkans
telcos. Threat group UNC1326 (aka SeaTurtle) was previously reported
on in depth by Cisco Talos in 2019, which pointed out that SeaTurtle
was targeting "national security organisations in the Middle East and
North Africa" that wanted to gain "persistent access to sensitive
networks and systems."

Microsoft said SeaTurtle was "most heavily focused on countries of
strategic interest to Turkey including Armenia, Cyprus, Greece, Iraq,
and Syria," scanning for exploitable remote code vulnerabilities in
its targets' networks.

Aside from the state-backed threats, the Microsoft report noted that
ransomware criminals were most likely to target retail, financial
services, government and healthcare orgs, with the US being their
number one target nation. The next unluckiest countries as far as
ransomware was concerned were China, Japan, Germany and the United
Arab Emirates.

"Fewer than 20 per cent of our customers are using strong
authentication features like multifactor authentication," groaned
Redmond in its closing remarks, noting that offering MFA "for free"
wasn't spurring companies and other organisations into enabling it.

If they did, Microsoft thinks its security customers would "be
protected from over 99 per cent of the attacks we see today."
Something worth thinking about next time your users are moaning about
password policies


 

Boris Nahapetian: