Significant Growth In State-Sponsored Cyber Attacks

Uploaded on 2021-04-23 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW, INTELLIGENCE-Hot Spots-Iran, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

Warfare has entered a new era where attacks are no longer physical but digital, in which nations may deliver cyber attacks with the intent to damage or destroy another’s IT infrastructure.   

While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyber attacks to have a state-sponsored element, with countries taking to the Internet to wage covert, undercover warfare on others. Whilst the threat of cyber attack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. It seems the threat of cyber warfare will not be going away any time soon.

A state-sponsored cyber attack usually has one of three objectives:

  • Probing for and exploiting national infrastructure vulnerabilities.
  • Gathering intelligence.
  • Exploiting money from systems and people.

Some APTs are military or intelligence units under formal state direction, while others are independent hackers operating with tacit government backing.

America First

One of the most sophisticated APTs, the Equation Group, is widely believed to be run by the US National Security Agency, while the Stuxnet worm, believed to be a joint Israeli-American attack against Iran’s nuclear programme, was able to damage uranium enrichment centrifuges in 2010. 

In March 2021 the head of US Cyber Command testified that the organisation had conducted more than two dozen operations to confront foreign threats ahead of the 2020 US elections, including eleven forward hunt operations in nine different countries.  

North Korean Cyberwar Exploits

In February this year the US Department of Justice unsealed an indictment against three members of North Korean military intelligence, accusing them of being members of the Lazarus Group.  The indictment details a long list of crimes in addition to the Sony hack and WannaCry. The Lazarus Group has pulled off audacious thefts from banks around the world, hacking into their systems and sending money into accounts it controls. 

The Lazarus Group is considered an Advanced Persistent Threat (APT), the term given to hacker groups that operate with state backing. Security companies give them names, numbers or both: Lazarus is APT38, while APT37 is another North Korean group that focuses on attacking South Korea.

Nobody knows how North Korea trains its elite hackers. Parts of the WannaCry worm showed signs of being written in Chinese, which could suggest that China helps, or could just be a coincidence. Some North Koreans likely study in the West, too, using South Korean identities and passports.

North Korea is far from alone in sponsoring hacking, but other states have different priorities.

Chinese Espionage

China has the most known APTs, and its state-sponsored hacking tends to focus on espionage, both government and corporate, rather than theft. Recently, Microsoft accused China’s Hafnium APT of breaking into the email servers of 250,000 organisations since the beginning of the year, including the European Banking Authority and Norway’s parliament. 

Russian Expertise In Cyberwar

Russia's state-sponsored hackers are accused of numerous cyber attacks aimed at diminishing western elections, hacking into key infrastructure and releasing confidential information into the public domain. Most famous of all is  APT29, better known as Cozy Bear, was revealed as the perpetrator of a sophisticated hack attack of software company SolarWinds in December. 

By installing a hidden backdoor in SolarWinds’ products, hackers were able to gain access to dozens of government agencies and companies that used the compromised tools.

The louder, brasher cousin APT28, known as Fancy Bear, was behind the hacks on the Democratic National Committee and Hillary Clinton’s presidential election campaign.

Iranian Shape Shifters

Iranian APTs conduct espionage on military organisations in the Middle East and beyond, trying to steal weapons plans and occasionally sabotaging infrastructure. Iran was accused of trying to poison Israel’s water last April by hacking into a water plant and boosting the levels of chlorine.

APTs from at least three of these countries were caught hacking vaccine research facilities last year, either to steal data or sabotage development efforts, however, it’s not only non-western states that run APTs against their opponents.

Ultimately, cyber attacks are a means, not an end. Some APTs are conducting classic espionage and want our data. Some are seeking to sow discord and damage their opponents’ political systems.

How Should The World Respond ? 

The US government has started treating APT groups like common criminals, naming and indicting their members, and arresting them, even if they’re uniformed officers of a country’s armed forces. In Britain, Prime Minister Boris Johnson has created a National Cyber Force in 2020, pulling experts from MI6, GCHQ and the Ministry of Defence together into a single command.

The UK  Integrated Review of security, defence, development and foreign policy, published recently, envisions the National Cyber Force working ‘to impose costs on our adversaries, deny their ability to harm UK interests, and make the UK 'a more difficult operating environment’.

Given the growing threat of cyber warfare, there have been calls for a ‘cyber Geneva Convention’ to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.

WEF:     Spectator:       CSIS:       EC Council:       Cyber News:       Quostar:

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« Maritime Cyber Security Has Missing Parts
Easy-to-Guess Passwords Are Risky »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

Varonis

Varonis

Varonis provide a security software platform to let organizations track, visualize, analyze and protect their unstructured data.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

Cycurion

Cycurion

Cycurion is a global leading provider of Network Communications and Information Technology Security Solutions.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

CliffGuard Cybersecurity

CliffGuard Cybersecurity

CliffGuard Cybersecurity deliver comprehensive services designed to protect your organization from the ever-evolving landscape of cyber threats.

Tuskira

Tuskira

Tuskira is a Preemptive Cyber Defense & Response Platform powered by Agentic AI, designed to go beyond traditional vulnerability management.