Significant Growth In State-Sponsored Cyber Attacks

Uploaded on 2021-04-23 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW, INTELLIGENCE-Hot Spots-Iran, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

Warfare has entered a new era where attacks are no longer physical but digital, in which nations may deliver cyber attacks with the intent to damage or destroy another’s IT infrastructure.   

While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyber attacks to have a state-sponsored element, with countries taking to the Internet to wage covert, undercover warfare on others. Whilst the threat of cyber attack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. It seems the threat of cyber warfare will not be going away any time soon.

A state-sponsored cyber attack usually has one of three objectives:

  • Probing for and exploiting national infrastructure vulnerabilities.
  • Gathering intelligence.
  • Exploiting money from systems and people.

Some APTs are military or intelligence units under formal state direction, while others are independent hackers operating with tacit government backing.

America First

One of the most sophisticated APTs, the Equation Group, is widely believed to be run by the US National Security Agency, while the Stuxnet worm, believed to be a joint Israeli-American attack against Iran’s nuclear programme, was able to damage uranium enrichment centrifuges in 2010. 

In March 2021 the head of US Cyber Command testified that the organisation had conducted more than two dozen operations to confront foreign threats ahead of the 2020 US elections, including eleven forward hunt operations in nine different countries.  

North Korean Cyberwar Exploits

In February this year the US Department of Justice unsealed an indictment against three members of North Korean military intelligence, accusing them of being members of the Lazarus Group.  The indictment details a long list of crimes in addition to the Sony hack and WannaCry. The Lazarus Group has pulled off audacious thefts from banks around the world, hacking into their systems and sending money into accounts it controls. 

The Lazarus Group is considered an Advanced Persistent Threat (APT), the term given to hacker groups that operate with state backing. Security companies give them names, numbers or both: Lazarus is APT38, while APT37 is another North Korean group that focuses on attacking South Korea.

Nobody knows how North Korea trains its elite hackers. Parts of the WannaCry worm showed signs of being written in Chinese, which could suggest that China helps, or could just be a coincidence. Some North Koreans likely study in the West, too, using South Korean identities and passports.

North Korea is far from alone in sponsoring hacking, but other states have different priorities.

Chinese Espionage

China has the most known APTs, and its state-sponsored hacking tends to focus on espionage, both government and corporate, rather than theft. Recently, Microsoft accused China’s Hafnium APT of breaking into the email servers of 250,000 organisations since the beginning of the year, including the European Banking Authority and Norway’s parliament. 

Russian Expertise In Cyberwar

Russia's state-sponsored hackers are accused of numerous cyber attacks aimed at diminishing western elections, hacking into key infrastructure and releasing confidential information into the public domain. Most famous of all is  APT29, better known as Cozy Bear, was revealed as the perpetrator of a sophisticated hack attack of software company SolarWinds in December. 

By installing a hidden backdoor in SolarWinds’ products, hackers were able to gain access to dozens of government agencies and companies that used the compromised tools.

The louder, brasher cousin APT28, known as Fancy Bear, was behind the hacks on the Democratic National Committee and Hillary Clinton’s presidential election campaign.

Iranian Shape Shifters

Iranian APTs conduct espionage on military organisations in the Middle East and beyond, trying to steal weapons plans and occasionally sabotaging infrastructure. Iran was accused of trying to poison Israel’s water last April by hacking into a water plant and boosting the levels of chlorine.

APTs from at least three of these countries were caught hacking vaccine research facilities last year, either to steal data or sabotage development efforts, however, it’s not only non-western states that run APTs against their opponents.

Ultimately, cyber attacks are a means, not an end. Some APTs are conducting classic espionage and want our data. Some are seeking to sow discord and damage their opponents’ political systems.

How Should The World Respond ? 

The US government has started treating APT groups like common criminals, naming and indicting their members, and arresting them, even if they’re uniformed officers of a country’s armed forces. In Britain, Prime Minister Boris Johnson has created a National Cyber Force in 2020, pulling experts from MI6, GCHQ and the Ministry of Defence together into a single command.

The UK  Integrated Review of security, defence, development and foreign policy, published recently, envisions the National Cyber Force working ‘to impose costs on our adversaries, deny their ability to harm UK interests, and make the UK 'a more difficult operating environment’.

Given the growing threat of cyber warfare, there have been calls for a ‘cyber Geneva Convention’ to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.

WEF:     Spectator:       CSIS:       EC Council:       Cyber News:       Quostar:

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« Maritime Cyber Security Has Missing Parts
Easy-to-Guess Passwords Are Risky »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Intel 471

Intel 471

Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Mobb

Mobb

Mobb's AI-powered technology automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.

Benchmark Executive Search

Benchmark Executive Search

Benchmark specializes in finding elite talent for startup, emerging-growth and mid-cap companies offering game-changing technologies or innovative services to the federal and commercial markets.

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions (ICS)

Integrated Cyber Solutions is a managed security service provider that humanizes cybersecurity managed services to the Small-to-Medium Business (SMB) and Small-to-Medium Enterprise (SME) sectors.