While many envision hackers as lone wolves or small networks of illicit players, recent data suggests state actors are increasingly taking a leading role in cyber warfare.
According to the Council on Foreign Relations, “since 2005, thirty-three countries are suspected of sponsoring cyber operations. China, Russia, Iran, and North Korea sponsored 77 percent of all suspected operations. In 2019, there were a total of seventy-six operations, most being acts of espionage.”
With massive manpower and even deeper pockets, state-sponsored hacker networks pose a never-before-seen risk to individuals and businesses. Driven as much by political as economic motivation, state-sponsored cyber attacks can cause devastation to critical infrastructure and data.
While hacker networks of the past might have been focused on getting a quick buck, today’s cyber criminals target medical infrastructure to hijack Covid-19 vaccine data or contaminate national water supplies with potentially disastrous effects.
The birth of State-Sponsored Hacking
Large-scale cyber-attacks and international hacking networks are not a new concept. Long before the media and security establishment began to give them coverage, hackers were taking advantage of unsuspecting users and organizations.
In 1986, Markus Hess, a West German national, working for the KGB, hacked into US military computers and officially started what we now call state-sponsored hacking. Hess intercepted communications and stole “sensitive semiconductor, satellite, space and aircraft technologies” from the US armed forces, and eventually sold the data to the Soviet Union for the equivalent of $56,000.
The shift in the scale and scope of attacks, from ad hoc groups and minimally funded hacker organizations to government-funded hacking programs and established military cyber-attack units, has completely changed the methods and intended impact of cyber-attacks.
To put the numbers in context, according to Shane Huntley of Google TAG, “more than 12,000 warnings were triggered by state-sponsored phishing attempts, [which] were sent out to users across 149 countries in the third quarter of 2019.” The Google TAG research suggests that there are more than 270 targeted or government-backed hacking organizations currently operating in more than 50 countries.
Where historically hackers have focused on short-term economic gain or extortion via customer data, state-sponsored hackers have many goals “including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber-attacks, or spreading coordinated disinformation.”
Stuxnet changed the level of sophistication in state-sponsored hacking
The 2010 Stuxnet attack was considered a “game-changer” in the scope and destruction of international cyber operations. “Stuxnet was a self-replicating cyber worm which infected hundreds of computers (as well as the cyber network they operated on), and successfully shut down the Iranian nuclear centrifuge facilities in the county of Natanz.”
Stuxnet, often attributed to Israeli and US intelligence services, differed from previous attacks in its ability to monitor and collect data on Iranian nuclear capabilities.
Whereas previous state-sponsored cyber events may have gone under the radar, the Stuxnet attack successfully destroyed 1,000 centrifuges, leading to a 10% reduction in Iran’s nuclear development, and placed a significant obstacle in the way of Iran reaching its long-term nuclear aspirations.
What are they targeting?
While some traditional military tactics remain relevant, increasingly state actors are relying upon cyber warfare to effectively shut down vital infrastructure via malware and viruses.
According to CyberPolicy, “China is known to have spied on companies in the U.S. technology and pharmaceutical industries; and North Korea is suspected of having attempted to infiltrate electrical grids.”
While Russia has used its cyber know-how to influence US elections and international anti-doping bodies, Iran has used its broad cyber capabilities to attack critical national infrastructure and important diplomats and government officials worldwide.
Who are the actors?
According to The Digital Defense Report, published by Microsoft, Russia leads all international actors, credited with 52% of all attacks between July 2019 and June 2020, followed by Iran with 25%, China with 12%, and North Korea rounding out the list with an estimated 11% of cyber infiltration.
There is no one-size-fits-all attack plan for how state actors operate in the cyber domain. Each nation uses cyber warfare to achieve a broad range of political, economic, and technological end goals.
What is at risk?
According to ZDNet, “Cyber spies have not let a tragedy or national disaster go to waste. From the Paris terror attack of November 2015 to the oppression of the Uyghur population in China, state-sponsored groups have always crafted their email lures to achieve the maximum results and, historically, tragic events have always presented the best lures.”
From small businesses at risk of losing secure data and intellectual property, to countries forced to build new levels of cyber protection for critical infrastructure, state actors have dramatically changed the aims of international cyber-crime to meet their political and economic goals. Long gone are the days when malware was just trying to attack your bank account. With state-backed hackers, the bar has been raised to influencing global politics, crippling domestic water supplies and causing economic destruction on a scale previously thought unimaginable.
Originally published on Forbes.com – December 21st 2020: