Significant Growth In State-Sponsored Cyber Attacks

Warfare has entered a new era where attacks are no longer physical but digital, in which nations may deliver cyber attacks with the intent to damage or destroy another’s IT infrastructure.   

While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyber attacks to have a state-sponsored element, with countries taking to the Internet to wage covert, undercover warfare on others. Whilst the threat of cyber attack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. It seems the threat of cyber warfare will not be going away any time soon.

A state-sponsored cyber attack usually has one of three objectives:

  • Probing for and exploiting national infrastructure vulnerabilities.
  • Gathering intelligence.
  • Exploiting money from systems and people.

Some APTs are military or intelligence units under formal state direction, while others are independent hackers operating with tacit government backing.

America First

One of the most sophisticated APTs, the Equation Group, is widely believed to be run by the US National Security Agency, while the Stuxnet worm, believed to be a joint Israeli-American attack against Iran’s nuclear programme, was able to damage uranium enrichment centrifuges in 2010. 

In March 2021 the head of US Cyber Command testified that the organisation had conducted more than two dozen operations to confront foreign threats ahead of the 2020 US elections, including eleven forward hunt operations in nine different countries.  

North Korean Cyberwar Exploits

In February this year the US Department of Justice unsealed an indictment against three members of North Korean military intelligence, accusing them of being members of the Lazarus Group.  The indictment details a long list of crimes in addition to the Sony hack and WannaCry. The Lazarus Group has pulled off audacious thefts from banks around the world, hacking into their systems and sending money into accounts it controls. 

The Lazarus Group is considered an Advanced Persistent Threat (APT), the term given to hacker groups that operate with state backing. Security companies give them names, numbers or both: Lazarus is APT38, while APT37 is another North Korean group that focuses on attacking South Korea.

Nobody knows how North Korea trains its elite hackers. Parts of the WannaCry worm showed signs of being written in Chinese, which could suggest that China helps, or could just be a coincidence. Some North Koreans likely study in the West, too, using South Korean identities and passports.

North Korea is far from alone in sponsoring hacking, but other states have different priorities.

Chinese Espionage

China has the most known APTs, and its state-sponsored hacking tends to focus on espionage, both government and corporate, rather than theft. Recently, Microsoft accused China’s Hafnium APT of breaking into the email servers of 250,000 organisations since the beginning of the year, including the European Banking Authority and Norway’s parliament. 

Russian Expertise In Cyberwar

Russia's state-sponsored hackers are accused of numerous cyber attacks aimed at diminishing western elections, hacking into key infrastructure and releasing confidential information into the public domain. Most famous of all is  APT29, better known as Cozy Bear, was revealed as the perpetrator of a sophisticated hack attack of software company SolarWinds in December. 

By installing a hidden backdoor in SolarWinds’ products, hackers were able to gain access to dozens of government agencies and companies that used the compromised tools.

The louder, brasher cousin APT28, known as Fancy Bear, was behind the hacks on the Democratic National Committee and Hillary Clinton’s presidential election campaign.

Iranian Shape Shifters

Iranian APTs conduct espionage on military organisations in the Middle East and beyond, trying to steal weapons plans and occasionally sabotaging infrastructure. Iran was accused of trying to poison Israel’s water last April by hacking into a water plant and boosting the levels of chlorine.

APTs from at least three of these countries were caught hacking vaccine research facilities last year, either to steal data or sabotage development efforts, however, it’s not only non-western states that run APTs against their opponents.

Ultimately, cyber attacks are a means, not an end. Some APTs are conducting classic espionage and want our data. Some are seeking to sow discord and damage their opponents’ political systems.

How Should The World Respond ? 

The US government has started treating APT groups like common criminals, naming and indicting their members, and arresting them, even if they’re uniformed officers of a country’s armed forces. In Britain, Prime Minister Boris Johnson has created a National Cyber Force in 2020, pulling experts from MI6, GCHQ and the Ministry of Defence together into a single command.

The UK  Integrated Review of security, defence, development and foreign policy, published recently, envisions the National Cyber Force working ‘to impose costs on our adversaries, deny their ability to harm UK interests, and make the UK 'a more difficult operating environment’.

Given the growing threat of cyber warfare, there have been calls for a ‘cyber Geneva Convention’ to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.

WEF:     Spectator:       CSIS:       EC Council:       Cyber News:       Quostar:

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« Maritime Cyber Security Has Missing Parts
Easy-to-Guess Passwords Are Risky »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

Tactic Labs

Tactic Labs

Tactic Labs (part of the Avnon Group) delivers a holistic Cyber-Security Management Platform which provides military-grade protection, safeguarding critical infrastructures and mission-critical data.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.