Netskope Threat Lab: 66% of Attributable Malware Comes from State-Funded Attack Groups

New data released by Netskope Threat Labs has found that, over the past 12 months, 66% of the attributable malware targeted at its customers was linked to state-funded attack groups.

The largest share of malware attacks, according to Netskope Threat Labs, came from North Korean threat groups, with Chinese and Russian groups as second and third most prevalent. A growing number of attacks use cloud applications as a point of entry and exfiltration.

The research also reveals North Korea, China, and Russia’s differing strategic objectives drive very different approaches to cyberattacks, leading to their widely varying “market share” in the threat landscape.

Netskope Threat Labs Finds Different Targets, Different Objectives

Currently, North Korea accounts for the largest share of malware attacks globally. Unlike Russia and China, North Korea’s campaigns are primarily financially motivated, leveraging cybercrime and cryptocurrency theft to fund military programmes. As a result, it targets non-specific population groups in its quest to maximise profits.

In contrast, Russia and China use cyberattacks to target their global adversaries’ critical infrastructure and high-value targets to cause targeted but high-impact disruption and damage. This means that Russia and China’s share of overall malware attacks is smaller, but the national impact of their attacks has the potential to be more disruptive.

Commenting, Sanjay Beri, CEO at and Co-Founder of Netskope, said about the Netskope Threat Lab’s recent findings: “There is no doubt that we are witnessing a global escalation of