Over 50% of all cyberattacks originating in Russia target the US

William S. | December 07, 2022

Russian state-sponsored cyberattacks are used as a weapon to further intimidate Ukraine and other Western countries.

According to the data presented by the Atlas VPN team, 55% of cyberattacks originating in Russia targeted the United States. The United Kingdom, Canada, and Germany are among other top targets.

The data is based on the Microsoft Digital Defense Report 2022. The study’s numbers, insights, and events are from July 2021 through June 2022. The research illuminates nation-state threats and the landscape of cybercrime worldwide.

Russian state-sponsored threat actors targeted the United States in 55% of their cyberattacks. Organizations and government agencies in the United Kingdom were a target in 8% of cyberattacks. Furthermore, 3% of attacks originating in Russia were directed at Canada.

Even though Russia started a full-on war against Ukraine, only 2% of their cyberattacks targeted the country. Russian state-sponsored threat actors launched attacks against government institutions to disrupt their usual services and critical energy infrastructure to leave people without electricity. However, our other reports show that Ukraine became a much more common target.

Switzerland was also a target in 2% of Russian cyberattacks. At the same time, attacks on other Western countries and Baltic states made up 27% of all state-sponsored attacks. Such threats against the US and Western Europe are Russia’s response to sanctions and military aid to Ukraine.

Most targeted industries

State-sponsored hackers usually target specific industries to create as much chaos as possible. Whether it would be DDoS attacks to disrupt government websites services or a malware campaign to steal sensitive information, such cybercriminals are usually sophisticated and difficult to detect.

The information technology industry was the target in 29% of Russian-sponsored attacks. Russian state threat groups launched attacks against the IT sector to gain access to government and other sensitive networks. Access to those networks would help cybercriminals to spread destructive malware.

Russian-sponsored state threat actors launched 18% of their attacks on nongovernmental organizations (NGOs). As NGOs raise billions of dollars yearly, cybercriminals can use them to earn quick money. On other occasions, attacks on NGOs can be carried out to prevent them from doing their activities.

In addition, 12% of cyberattacks originating in Russia targeted government agencies and services. Government institutions are attacked to steal potentially sensitive data, such as employee names, email addresses, and passwords. Besides, DDoS attacks on government websites can severely disrupt their usual services.

Russian hackers targeted 12% of their cyberattacks on education organizations. Furthermore, 5% of cyberattacks originating in Russia were launched at financial service institutions. Finally, cybercriminals affiliated with Russia carried out 24% of attacks on other types of industries.

While there is no concrete evidence that Russia-based cybercriminal groups cooperate with Kremlin, there is a clear narrative about who is the enemy. While Russia’s war in Ukraine is continuing, organizations and governments of Western countries have to stay sharp against possible attacks. Our other research suggest that Russia and China might be involved in many other cyberattacks.