23 October 2022

The Not-So Secret Cyber War: 5 Nations Conducting the Most Cyberattacks

Peter Suciu

October is Cybersecurity Awareness Month, but cyber vigilance is something that should be practiced year-round. Unfortunately, the threat vector continues to get worse, and hacking is now a domain where a not-so-secret war is being waged. A question remains, however, as to what nations are actively engaged – but also where some of those states manage to train their cyber teams to conduct these hacks.

“Most of our enemies offer free university education to their citizens,” warned John Gunn, CEO of cybersecurity provider Token.

There is also evidence to suggest that China and Russia, in particular, have cyber training programs in place.

“China has a vast National Cybersecurity Centre in Wuhan, which reportedly spans over 15 square miles, which is assumed to train the next generation of threat actors,” explained Yana Blachman, threat intelligence specialist at Venafi.

“In Russia, we’ve seen evidence that state-sponsored advanced persistent threat (APT)group Fancy Bear is deployed to spot talent in schools,” Blachman told ClearanceJobs. “With its direct affiliation with the Russian military and FSB, there’s also a high chance that Russia recruits threat actors from the military. It’s important to note that most major nations have offensive cyber operations now, but the countries that really stand out in terms of employing hackers are China, Russia and North Korea.

1. CHINA – A HOTBED OF HACKERS

China has continued to wage large scale cyber attacks, and this includes stealing intellectual property. More than a third of all cyber attacks are instituted in China, where the People’s Liberation Army (PLA) even employs military units that are specialized in network attack and defense.

A Foreign Policy magazine estimate from 2017 suggested that China’s “hacker army” could be upwards of 100,000 personnel strong, larger than the size of many nations’ actual military force. According to Venafi research, APT groups like APT41 use cyber espionage to support China’s long-term economic, political and military goals, often targeting carefully selected victims.

“In China, there are myriad state-sponsored groups, and we see evidence of the nation’s cyber offensive capabilities on a near-constant basis,” said Blachman. “Recently, as the threat of war in Taiwan has escalated, we’ve witnessed attacks on Taiwan’s infrastructure, which could be a precursor to invasion.”

Given how it continues to train the next generation, the threat from China is likely only to increase.

2. NORTH KOREA – SMALL NATION WITH STRONG HACKER FORCE

2021 was seen as a banner year for North Korean hackers, who reportedly stole $400 million in cryptocurrency – and 2022 will certainly be even better, as cyber agents operating from the Hermit Kingdom allegedly lifted some $600 million from a cryptocurrency gaming startup this past March.

Hacking is increasingly important for North Korea, and it now seeks to increase its efforts.

“It has been reported that North Korea, gives aptitude tests and starts training as young as 11 years old,” said Tim Morris, technology strategist at cybersecurity firm Tanium.

“Then those skills are used for ransomware and/or cryptocurrency theft to finance other programs for the government or military,” Morris told ClearanceJobs.

North Korea is also notable in that it is now the only nation in the world whose government is known to conduct such open criminal hacking for monetary gain.

“Infamous North Korean cybercrime groups such as Lazarus and APT38 are renowned for their links to the state. Lazarus is particularly prolific and has made a name for itself with attacks on Sony, the Bangladesh Bank cyber heist, WannaCry and recently targeting US energy companies,” Blachman continued. “Our research shows that North Korean state-employed hackers help to circumvent the international sanctions placed on DPRK, with the proceeds of cybercrime funneled directly into the nation’s nuclear weapons program.”

3. IRAN – QUASI-GOVERNMENT GROUP

The Islamic Republic’s Iranian Cyber Army has a known connection with Tehran, and it has even pledged its loyalty to the nation’s Supreme Leader. It is also believed that the Islamic Revolutionary Guard initiated plans for the group as early as 2005, while it was possibly commanded by Mohammad Hussein Tajik until his death in early 2020.

The Islamic Revolutionary Guard has also stated that it had the fourth largest cyber power among the world’s cyber armies. Hackers tied to the Iranian government have recently been targeting individuals specializing in Middle Eastern affairs, nuclear security, and genome research as part of a new social engineering campaign designed to hunt for sensitive information.

However, Iran’s hacking efforts could now be used against the government – as the country’s state broadcaster was recently hacked as protests for reform, and greater rights for women, grip the Middle Eastern nation. It seems that Iran could have a hard time controlling the beast it created.

4. RUSSIA – A HACKER SUPERPOWER

Even as the mighty Russian bear appears to be more of a paper tiger on the battlefield, its cyber capabilities shouldn’t be underestimated. Moscow has been focused on STEM (science, technology, engineering, math) skills for longer than the United States, and it has paid off.

“Russia has half of our population and churns out six times the number of engineering graduates, many of whom use their skills for state-sponsored cyber attacks on America,” Gunn explained to ClearanceJobs. “If some of the battles of the future will be fought online, we could end up woefully outmanned and the gap is growing every year.”

This puts Russia among the greatest cyber threats – even as it faces setbacks in its so-called “Special Military Operation” against Ukraine.

“Russia will increase its use of cyber warfare to gain a better foothold in Ukraine,” said Henry Collier, program director for Norwich University’s online Master of Science in Cybersecurity program. “Russia has previously used cyber attacks against its adversaries, to include Ukraine, with some degree of success.”

“Russia has worked to coordinate cyber attacks to try and undo the political process of their intended target,” Collier told ClearanceJobs. “The threat of Russia trying to influence the outcome of the elections is real, especially as they continue to spread misinformation across social media sites.”

In addition, Russia could target NATO countries’ infrastructure like electricity or gas in a pointed effort to make the supporting countries concentrate on their own well-being, rather than supporting Ukraine, Collier warned.

“There’s already strong evidence that cyber espionage groups such as Sandworm and Fancy Bear are associated with the Russian armed forces (GRU),” added Blachman. “Famous attacks by these groups include the Ukrainian power grid attacks in 2015 and the NotPetya attacks of 2017, as well as numerous attempts to derail political processes across the globe. These targets suggest the motives of these groups are aligned to Russia’s political and military goals.”

5. UNITED STATES – READY FOR THE CYBER DOMAIN

Cyberattacks aren’t just something the “bad guys” conduct. The United States maintains its own wide-reaching cyber warriors. This includes the United States Cyber Command, which is one of the 11 unified combatant commands of the United States Department of Defense. While originally created with a defensive mission in mind, Cyber Command has increasingly been viewed as an offensive force.

“The U.S. has its own programs that do the reconnaissance, defensive, and offensive operations,” said Morris.

In just the past month, China alleged that U.S. cyber operatives have conducted cyberattacks against its interests. Beijing accused the National Security Agency of infiltrating China’s telecommunication infrastructure to steal user data by intercepting digital communication between multiple parties.

THE COST OF HACKING

There are a multitude of reasons why cyber has become a domain where this not-so-secret war is waged, and why the United States could become increasingly more aggressive in how it utilizes cyber.

“Trillions of dollars of IP has been stolen, billions of dollars of wealth have been plundered, our power grid and essential services are at risk, and now lives are being lost in hospitals that have been hit with ransomware,” said Gunn. “We need to expand beyond a purely defensive posture and go on the offense against known people and groups that are actively attacking America targets.”

Such calls are increasing, simply because the defensive efforts aren’t doing enough – and a strong defense could begin with a strong offense.

“Unfortunately, defending against nation-state cybercrime is very difficult. They’re well-funded, highly sophisticated, and capable of thinking outside the box to find new ways to attack networks, using techniques we’ve never seen before,” said Blachman. “To protect its national infrastructure, government departments, and businesses, the U.S. government and companies must be proactive in protecting machine identities and have visibility over their environments in order to spot changes and react fast.”

It is also likely other nations will see the potential of cyber, said Morris, who added, “Each nation-state may have different motives whether is disruption, disinformation/propaganda, hacktivism, reconnaissance, intellectual property theft, or extortion.”

No comments: