Cyber attacks backed by nations such as China and North Korea are rapidly increasing. Analysis shows these state-sponsored groups primarily target national information technology (IT) infrastructure, with most attacks aimed at economic gain.
Microsoft’s (MS) Digital Defense Report 2025, released on October 18, reveals that 52% of cyber attacks by state-backed organizations between July 2024 and June 2025 were motivated by financial gain. Only 4% were for espionage purposes.
Amy Hogan-Burney, Microsoft’s Vice President of Cybersecurity, emphasized that threats from state-backed groups pose a serious and persistent danger, with their primary objective appearing to be profit generation.
MS reported a global surge in cyber attacks from state-sponsored groups in countries including China, Iran, Russia, and North Korea. The United States was the most targeted nation with 623 attacks, while South Korea (126) ranked second in the Asia-Pacific region, just behind Taiwan (143).
The MS report highlighted that organizations backed by China and North Korea specifically targeted South Korea, focusing mainly on the IT sector.
Chinese-backed groups targeted the U.S. (35%), Thailand (14%), Taiwan (12%), and South Korea (8%). North Korean-backed entities predominantly focused on the United States (50%), with South Korea accounting for just 1% of their attacks, placing it 10th on the list.
These organizations primarily targeted the IT sector (23% from China, 33% from North Korea). MS noted that China utilizes these attacks to bolster national competitiveness, particularly in key economic sectors, by targeting critical IT infrastructure such as internet service providers (ISPs) and telecommunications companies.
MS also linked attacks from North Korean-backed groups to economic motives. They explained that these organizations focus on generating revenue and gathering intelligence from entities involved in blockchain technology and cryptocurrencies.
The use of artificial intelligence (AI) by these state-sponsored groups is also rapidly increasing. MS observed that while AI-powered attacks were rare in July 2023, the number surged from 50 in July 2024 to 225 by July 2025.
MS analysis showed that phishing crimes become significantly more effective when AI is involved. According to the report, the likelihood of users clicking on AI-generated phishing emails is 54%, approximately 4.5 times higher than that of traditional phishing emails (12%).
MS warned that AI enables highly targeted attacks through sophisticated phishing techniques, predicting that its utilization could potentially increase profitability by up to 50 times.