Significant Growth In State-Sponsored Cyber Attacks

Uploaded on 2021-04-23 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW, INTELLIGENCE-Hot Spots-Iran, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

Warfare has entered a new era where attacks are no longer physical but digital, in which nations may deliver cyber attacks with the intent to damage or destroy another’s IT infrastructure.   

While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyber attacks to have a state-sponsored element, with countries taking to the Internet to wage covert, undercover warfare on others. Whilst the threat of cyber attack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. It seems the threat of cyber warfare will not be going away any time soon.

A state-sponsored cyber attack usually has one of three objectives:

  • Probing for and exploiting national infrastructure vulnerabilities.
  • Gathering intelligence.
  • Exploiting money from systems and people.

Some APTs are military or intelligence units under formal state direction, while others are independent hackers operating with tacit government backing.

America First

One of the most sophisticated APTs, the Equation Group, is widely believed to be run by the US National Security Agency, while the Stuxnet worm, believed to be a joint Israeli-American attack against Iran’s nuclear programme, was able to damage uranium enrichment centrifuges in 2010. 

In March 2021 the head of US Cyber Command testified that the organisation had conducted more than two dozen operations to confront foreign threats ahead of the 2020 US elections, including eleven forward hunt operations in nine different countries.  

North Korean Cyberwar Exploits

In February this year the US Department of Justice unsealed an indictment against three members of North Korean military intelligence, accusing them of being members of the Lazarus Group.  The indictment details a long list of crimes in addition to the Sony hack and WannaCry. The Lazarus Group has pulled off audacious thefts from banks around the world, hacking into their systems and sending money into accounts it controls. 

The Lazarus Group is considered an Advanced Persistent Threat (APT), the term given to hacker groups that operate with state backing. Security companies give them names, numbers or both: Lazarus is APT38, while APT37 is another North Korean group that focuses on attacking South Korea.

Nobody knows how North Korea trains its elite hackers. Parts of the WannaCry worm showed signs of being written in Chinese, which could suggest that China helps, or could just be a coincidence. Some North Koreans likely study in the West, too, using South Korean identities and passports.

North Korea is far from alone in sponsoring hacking, but other states have different priorities.

Chinese Espionage

China has the most known APTs, and its state-sponsored hacking tends to focus on espionage, both government and corporate, rather than theft. Recently, Microsoft accused China’s Hafnium APT of breaking into the email servers of 250,000 organisations since the beginning of the year, including the European Banking Authority and Norway’s parliament. 

Russian Expertise In Cyberwar

Russia's state-sponsored hackers are accused of numerous cyber attacks aimed at diminishing western elections, hacking into key infrastructure and releasing confidential information into the public domain. Most famous of all is  APT29, better known as Cozy Bear, was revealed as the perpetrator of a sophisticated hack attack of software company SolarWinds in December. 

By installing a hidden backdoor in SolarWinds’ products, hackers were able to gain access to dozens of government agencies and companies that used the compromised tools.

The louder, brasher cousin APT28, known as Fancy Bear, was behind the hacks on the Democratic National Committee and Hillary Clinton’s presidential election campaign.

Iranian Shape Shifters

Iranian APTs conduct espionage on military organisations in the Middle East and beyond, trying to steal weapons plans and occasionally sabotaging infrastructure. Iran was accused of trying to poison Israel’s water last April by hacking into a water plant and boosting the levels of chlorine.

APTs from at least three of these countries were caught hacking vaccine research facilities last year, either to steal data or sabotage development efforts, however, it’s not only non-western states that run APTs against their opponents.

Ultimately, cyber attacks are a means, not an end. Some APTs are conducting classic espionage and want our data. Some are seeking to sow discord and damage their opponents’ political systems.

How Should The World Respond ? 

The US government has started treating APT groups like common criminals, naming and indicting their members, and arresting them, even if they’re uniformed officers of a country’s armed forces. In Britain, Prime Minister Boris Johnson has created a National Cyber Force in 2020, pulling experts from MI6, GCHQ and the Ministry of Defence together into a single command.

The UK  Integrated Review of security, defence, development and foreign policy, published recently, envisions the National Cyber Force working ‘to impose costs on our adversaries, deny their ability to harm UK interests, and make the UK 'a more difficult operating environment’.

Given the growing threat of cyber warfare, there have been calls for a ‘cyber Geneva Convention’ to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.

WEF:     Spectator:       CSIS:       EC Council:       Cyber News:       Quostar:

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« Maritime Cyber Security Has Missing Parts
Easy-to-Guess Passwords Are Risky »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Mielabelo

Mielabelo

Belgian consulting firm providing services in the security and compliance of information systems and IT service management.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

The goal of ICSP is to become a state hub for cybersecurity research and education, including multidisciplinary programs and research opportunities, outreach activities, and industry partnership.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

DEFENTEK - National Security Informatics

DEFENTEK - National Security Informatics

Defentek (aka National Security Informatics) is a technology consortium covering a broad spectrum of intelligence computing solutions and interception technologies.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.