Mercenary Hackers Funded By Nation-States

Uploaded on 2017-12-08 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, FREE TO VIEW

Lines between government-backed hackers and cyber criminals are getting blurred, as indicated by recent the FBI indictment of two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service.

Earlier this FBI Director Christopher Wray told the US Congressional Homeland Security Committee, “We are seeing an emergence of that kind of collaboration which used to be two separate things, nation-state actors and criminal hackers." 

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee. “What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said. Homeland Security leads civilian government cyber-security and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

US officials have long feared that cyber-criminal networks, which operate with relative impunity in parts of Russia, could be deputised for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organisations that sowed chaos during the 2016 US presidential election. He’s disputed, however, US intelligence agencies’ conclusion that the Russian government ordered those breaches.

Historically this type of government/criminal action goes a long way back and one relevant association was/is with pirates on the seas and oceans where the pirates that were commissioned by a government were called privateers and many governments used them against their opposition/enemy including the English against the Spanish in the 16th/17th centuries.  

Such hybrid government-criminal breaches are increasingly becoming a reality, Wray told lawmakers. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said. “Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a US courtroom because the US does not have an extradition agreement with Russia, Wray acknowledged. “On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

DefenseOne

You Might Also Read

Nation State Hacking Has A Big Commercial Impact:

The Nation State Hack-Attack:

Yahoo Hack Affects 1 Billion Accounts:

Hackers For Hire:

 

 

« Fake News & Botnets: Russia Has Weaponised The Web
Australia To Challenge Facebook & Google Over Media Disruption »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.

Aztek

Aztek

Aztek is one of the UK’s leading Managed Service Providers, providing customer-focused IT, Communication and Cyber Security solutions to help transform and grow your business.