Top Nation State Cyber Threat Actors That Can Derail Your Business
The cyber domain is loaded with a variety of malicious actors that can threaten the integrity of your organization. Among these threat actors, the nation state is easily the biggest and most dangerous player on the cyber field. Often well-resourced, technologically advanced, and more capable than script kiddies, hacktivists, insiders, and cyber criminals, nation state threat actors possess the capabilities to critically damage network infrastructure, steal company secrets, commit espionage, and often do so with impunity.
So, how are adversarial nation states able to do their dirty work in the cyber domain? In some instances, adversarial nation states use a combination of trained professionals, as well as hired mercenaries and/or proxy groups. Outsourced support could include people who have similar political motives as the state they serve, or those who have been coerced by their host government to work for them. In some cases, state-sponsored hackers will have ties to the military or intelligence community of their host country and are selected for specific job functions ranging from disinformation to destruction (to name a few).
So, who are some of the biggest threats out there? The list below (in no particular order) details the top four nation state actors that your organization should be aware of.
Russia is one of the foremost adversaries in the cyber domain, particularly when it comes to targeting Western nations. Russia continually deploys a wide-range of aggressive cyber operations to undermine democratic institutions and to demonstrate strength through non-kinetic means in what are called “active measures.” Active measures is a general term for the actions of political warfare to influence world events and intelligence collection. One of the most prominent examples of Russian active measures stems from the 2007 case whereby a number of Russian-sponsored cyber attacks targeted Estonian organizations such as the Estonian parliament, various ministries, banks, and news broadcasters over a disagreement over the relocation of the Bronze Soldier of Tallinn.
Russia also uses its cyber capabilities as an auxiliary function to its kinetic means of warfare. Take the 2016 case where Russian-sponsored hackers deployed malware in Ukraine that brought down about one-fifth of the nations total power capacity. Today, Russia has reportedly targeted more than 500 people or institutions to include senior leaders such as Colin Powell, the Clinton campaign, the Democratic National Committee, and, according to US-CERT, are now targeting U.S. critical infrastructure.
China has strategically used cyber operations to offset its existing imbalance in conventional military forces and, quite persistently, as a tool to better position itself in the global marketplace. Above all, the Chinese have created formidable capabilities to extensively engage in cyber espionage and although the Chinese certainly remain capable to initiate kinetic attacks (i.e. attacks that can cause physical damage) vis-à-vis their cyber capabilities, its focus has remained on using espionage to fortify its economy. According to a recent IP Commission Report, China has stolen more than $300 billion dollars in intellectual property from U.S.-based companies. However, prior to the 2015 U.S.-China agreement that the respective governments would not conduct or knowingly support cyber-enabled theft of business secrets, the Chinese showcased its capacity to penetrate U.S. government networks. In 1999 and 2001 the Chinese initiated politically-motivated cyber attacks after their embassy was bombed by the U.S in Belgrade and again when a U.S. reconnaissance aircraft collided with a Chinese fighter plane. Even in light of the 2015 Office of Personnel Management breach in which more than 21 million records were stolen, reports have suggested that there has been a significant drop in Chinese-sponsored cyber espionage. This reporting aside, it is important to remember that cyber espionage is and will continue to be integral to the nation state’s future ambitions and Five Year Plan.
Cyber operations have become a hallmark tool of Iranian statecraft. Although Iran may lack the capabilities and cyber infrastructure that China and Russia may have, it is dangerous nonetheless to both public and private industry. Attacks in 2018 have also demonstrated that Iran’s cyber operations are increasing in sophistication. Most recently, Iranian hackers have been breaching defense contract networks, oil and gas companies, tech firms, telecommunications providers, and aviation firms. The Trump administration also recently indicted an Iranian-sponsored hacking group that allegedly targeted dozens of U.S. universities, companies and government agencies—as well as the United Nations—and stole roughly 31 terabytes of data and intellectual property from entities worldwide. As a threat actor, it’s also important to note that Iran’s cyber sophistication has increased exponentially in a relatively short period of time. As Iranian cyber capabilities continue to advance it will be more and more important for the U.S. government and private industry to stay vigilant about this country’s new threats.
4. North Korea
North Korea uses cyber operations as a means to project power, a tool to circumvent economic pressures from sanctions, and to fund national initiatives. Similar to Iran, North Korea adopts tactics, techniques, and procedures that it steals, buys, or learns via the international cyber arena. Organized into its larger military structure, North Korean cyber operations focus on financing illicit state activity along with power projection. Most notably, North Korea was responsible for the 2014 Sony Pictures hack. North Korea has also targeted the private industry of its neighbors. In 2011, North Korea conducted a destructive attack on South Korea’s Nonghyup Agricultural Bank, impacting more than 30 million customers for nearly a week by destroying critical bank information.
What Should You Do?
If it wasn’t clear to you before, it should be clear by now that nation state cyber operations are not just targeting the U.S. government, they are going after private industry. The private sector can also be caught in the crosshairs for what otherwise might be a larger geopolitical rivalry between two nations, or as part of one nation’s strategic gains.
So, what can you do about it? CyberVista’s Resolve Program walks you through the various threat actors that your organization might face and what motivates them, including, but certainly not limited to nation states. Our program will help you understand the motives of cyber threat actors and think through potential risk scenarios that can help inform your business risk decisions. In addition to our onsite training programs for boards and executives, Cyber Resolve is now available online. Our digital cyber risk program provides you with the convenience to learn at your own pace and serves as an ongoing resource.