Please fill in the form below to subscribe to our blog

9 in 10 Organizations Have Been Targeted by Nation-State Cybercrime

April 22, 2022

Nation-State Cybercrime is a Growing Threat. Are You Ready for It?


Nation-state cybercrime has been at the forefront of tech news thanks to an unprecedented amount of activity spurred by Russia’s invasion of Ukraine. But while it may be getting more headlines lately, it’s been a major threat to businesses for years, and that threat is escalating. Nation-state cybercriminals have steadily increased their scope of work, putting organizations in every sector in danger of a nation-state attack. A recent study by Trellix and the Center for Strategic and International Studies (CSIS) revealed that nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor.  


Excerpted in part from our eBook How Nation-State Cybercrime Affects Your Business DOWNLOAD IT>>


See the top 5 risks businesses face from nation-state cybercrime and how to stay out of trouble. GET LIST>>


Where Are Nation-State Threats Coming From?


Many of the surveyed companies suspect that specific state-aligned groups of threat actors are behind the threats they’ve encountered, but they don’t feel confident in their ability to make that determination. Only 27% of survey respondents felt like they could accurately determine whether or not a cyberattack has nation-state origins. How are nation-state cybercriminals most likely to attack businesses? Through spear phishing and ultimately, ransomware or other malware. Ransomware is the preferred weapon of nation-state cybercriminals. 

The majority of those hazarding a guess landed on Russia (39%) and China (35%) as the most likely perpetrators of the attacks that they experienced. They also see Russia and China as the most likely points of origin for nation-state attacks that threaten their organization in the next 18 months. If the pattern of nation-state attacks in 2022 follows the lines of nation-state cybercrime in 2021, that’s a pretty fair assessment.  


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


The Players on the Scene 


Many nations around the world are involved in nation-state cybercrime to further their political, ideological or financial goals. Sometimes, it’s a combination of all of those reasons that spurs nation-state action. These facts about countries that are active in the nation-state cybercrime space offer a quick overview of the ecosystem and how it impacts business risk.  

In the 2021 Microsoft Digital Defense Report, the company shared valuable insight on the activities of nation-state cybercriminals in 2021 and how their attack patterns are evolving.  

  • 58% of all nation-state attacks in the last year were launched by Russian nation-state actors 
  • Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021 
  • After Russia, the largest volume of attacks observed came from North Korea, Iran and China; South Korea, Turkey (a new entrant) and Vietnam were also active but represent much less volume. 
  • 21% of attacks observed across nation-state actors targeted consumers   
  • 79% of attacks observed across nation-state actors targeted enterprises 

Get a step-by-step guide to building an effective security and compliance awareness training program. GET GUIDE>>


The Field is Crowded


The International Institute for Strategic Studies classified the strategic or nation-state cyber capabilities of 15 countries and published its findings in the whitepaper Cyber Capabilities and National Power: A Net Assessment. The countries were ranked based on their proficiency in key areas and their development of effective technology that facilitates nation-state cyber activity. The “big 4” sponsors of nation-state cybercrime groups are Russia, China, North Korea and Iran.  

Tier 1: The United States 

Tier 2: Australia, Canada, China, France, Israel, Russia and the United Kingdom 

Tier 3: India, Indonesia, Iran, Japan, Malaysia, North Korea, and Vietnam 


Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>


Examples of Nation-State Cyberattacks Directly Impacting Businesses 


The Center for International and Strategic Studies has an excellent breakdown on recent notable nation-state cybercrime activity that impacted private industry. 

March 2022. An attack on a satellite broadband service run by the American company Viasat disrupted internet service across Europe, impacting Ukrainian military communications at the start of the Russian invasion. The attackers hacked satellite modems belonging to thousands of Europeans to disrupt the company’s service.  

February 2022. Researchers identified campaigns by two North Korean government-backed groups targeting employees across numerous media, fintech and software companies. The hackers used phishing emails advertising fake job opportunities and exploited a vulnerability in Google Chrome to compromise the companies’ websites and spread malware. 

February 2022. In the days before Russian troops invaded Ukraine, Russian threat actors distributed data-wiping malware to one Ukrainian financial institution and two government contractors. A DDoS attack also knocked Ukraine’s two largest banks offline. At the same time, nation-state actors conducted a misinformation effort during which Ukrainian citizens received spam text messages claiming that ATMs were not working.  

February 2022. Multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.    


"cyber attack" written in a grafitti style with the letters slightly blurred to indicate signal interference in black on a white background framed in yellow

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>


February 2022. An investigation led by Mandiant discovered that hackers linked to the Chinese-government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020.    

February 2022. A U.N. report claimed that North Korea hackers stole more than $50 million between 2020 and mid-2021 from three cryptocurrency exchanges. The report also added that in 2021 that amount likely increased, as the DPRK launched 7 attacks on cryptocurrency platforms to help fund their nuclear program in the face of a significant sanctions regime.  North Korea pulled in an estimated $1 billion in revenue from nation-state cybercrime in 2021. 

January 2022. A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.  

October 2021. A US company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.  


Be the hero that defeats your company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


High-Risk Sectors 


A study by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and sponsored by HP, Nation States, Cyberconflict and the Web of Profit shows that nation-state cybercrime risk is growing fast. The researchers’ analysis of over 200 cybersecurity incidents associated with nation-state threat actors since 2009 also shows the shift in their targeting to become a serious threat to businesses. Enterprise is now the most common target of state-sponsored cybercriminals, beating out government-associated targets by a substantial margin. 

Targets of Nation-State Cyberattacks  % of Total
Enterprises 35% 
Cyber Defense Assets 25%  
Media & Communications 14%
Government Bodies 12% 
Critical Infrastructure 10%  

Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit   


The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>


Put the Right Solutions to Work for You to Avoid Nation-State Trouble 


Step up your security awareness training program to create a powerful defense against all kinds of cyberattacks, even nation-state attacks. The newly revamped BullPhish ID is the ideal choice.  

  • Security awareness and compliance training helps prevent expensive cybersecurity incidents and compliance failures  
  • Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing  
  • At least 4 new training videos are added every month on the latest security and compliance issues.  

Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the leading dark web monitoring solution in the channel, Dark Web ID.  

  • 24/7/365 monitoring that you can feel confident about   
  • Real-time analysis alerts you to trouble fast  
  • Monitor business and personal credentials, domains, IP addresses and email addresses 

Don’t just take our word for it, see what these customers have to say: https://www.idagent.com/case-studies/ 


Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>