State-sponsored cyber crime is officially out of control
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns


Two-thirds of attributable cyber attacks now come from state-backed attackers, lending weight to warnings from national security agencies about the scale of the threats faced by enterprises and public services alike.
Analysis from Netskope shows a marked escalation in state-sponsored attacks in recent years, with the company warning this trend shows no sign of slowing down.
Sanjay Beri, CEO and co-founder of Netskope, said cyber attacks waged by nation state actors now represent a form of ‘quiet war’.
"Under the surface of this worldwide escalation is a varied picture of different states pursuing widely divergent cyber attack strategies,” he said.
While attention has largely focused on the risks from Russia, China and Iran, data from Netskope indicates that North Korea is currently the world's biggest offender in terms of the number of victims.
It's been targeting victims en-masse through cyber crime and cryptocurrency theft, with the goal of stealing money to fund its military.
China and Russia, meanwhile, account for the second and third greatest number of attacks. Unlike North Korea, however, their goal is to disrupt and damage highly targeted pieces of critical national infrastructure, leading to a smaller number of higher impact, more targeted attacks.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Examples include the targeting of NHS England and the Electoral Commission, both of which were highly disruptive.
"The difference between North Korea’s cyber ‘carpet bombing’ and Russia’s ‘precision strikes’ means that if you’ve fallen victim to an online phishing attack, it’s unlikely that Russian government-backed actors were the cause," said Beri.
"If, however, a critical piece of national infrastructure is down, then it’s more likely that they are. Understanding these nuances is critical for businesses and individuals operating in today’s connected world - because the first and most important step in putting in place the best cyber defense strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them."
State sponsored cyber attacks are wreaking havoc
Earlier this summer, the UK’s National Cyber Security Centre (NCSC), along with US and South Korean authorities, warned that a North Korea-linked threat group known as Andariel was compromising organizations around the world to steal sensitive and classified technical information and intellectual property data.
RELATED WHITEPAPER
While it mainly targeted defense, aerospace, nuclear, and engineering entities, it also hit organizations in the medical and energy sectors to a lesser extent, stealing information such as contract specification, design drawings, and project details.
In March this year, the UK government warned that the Chinese state-sponsored attacks on parliamentarians and on the Electoral Commission would not be tolerated.
This particular incident prompted the government to summon the Chinese Ambassador and sanction a front company and two individuals identified as members of the APT31 hacking group.
Similarly, late last year, Russian-backed threat actors were thrust into the spotlight after the NCSC exposed a campaign by Russian Intelligence Services to interfere in UK politics and democratic processes.
More from ITPro
- The Iran cyber threat: Breaking down attack tactics
- State-sponsored cyber attacks: The new frontier
- What threat do nation state hackers pose to businesses?
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
By Jane McCallion
-
Why veterans can excel in data centers – and could help the IT sector address its skill shortages
In-depth Ex-military workers can bring software and hardware to civilian roles
By John Loeppky
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilities
News Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
By Emma Woollacott
-
"Thinly spread": Questions raised over UK government’s latest cyber funding scheme
The funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
By George Fitzmaurice
-
Modern enterprise cybersecurity
whitepaper Cultivating resilience with reduced detection and response times
By ITPro
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainability
whitepaper CIOs are facing two conflicting strategic imperatives
By ITPro
-
The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to know
News State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
By Emma Woollacott
-
UK's data protection watchdog deepens cooperation with National Crime Agency
News The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
By Emma Woollacott
-
The NCSC wants to know how your business is using honeypots to combat hackers
News The NCSC hopes to encourage the use of cyber deception techniques within the UK, across government and critical national infrastructure
By Emma Woollacott
-
NCSC Active Cyber Defence 2.0 refresh looks to tailor services to the security market and threat landscape
News The NCSC plans to update its Active Cyber Defence program, introducing a refresh to keep the initiative up to date with the current threat landscape
By Solomon Klappholz