Gone are the days when nation-state-grade cyberattacks were the exclusive activity of state actors against state targets. Today, the situation has shifted. Nation-state-grade cyberattacks are still dominated by state actors, but increasingly, non-state attackers who purchase nation-state-grade cyberattack tools on the Darknet are also mounting cyberattacks against private enterprises and even targeting private citizens.
Nation-state-grade cyberattacks over the last two decades
Major nation-state-grade cyberattacks of the 21st century
Though most states today are guilty of using cyber tools to spy on other states, we will focus on the biggest offenders, China and Russia, and look at how the nature of their cyberattacks is evolving.
One of the first recorded uses of a cyber offensive targeting both public opinion and civil infrastructure, and leading to state-wide disruption, was the spring 2007 Estonia attack. Triggered by the removal of a Soviet-era war memorial monument, that attack consisted of a combination of offensives between April 27 and May 18, 2007. It crippled Estonian banks, media outlets, and government bodies through massive waves of spam and automated online requests that swamped servers and crashed services.
The nature of the attack, which relied on an extensive network of participants located around the globe, made it impossible to pin the attack on the Russian government; nonetheless, it is widely assumed that they were behind it.
From attacks that have been directly identified as nation-state-sponsored cyber attacks, we can see an evolution in both motivation and sophistication over the last two decades.
| Year | Type | Description | Attributed to |
|---|---|---|---|
| 2007 | Disruption | A wave of attacks on Estonian banks, media outlets and government bodies | Russia |
| 2008 | Disruption | Russia/South Ossetian, Georgia, and Azeri websites attacked during the Russia/Georgia war | Russia |
| 2008 | Information gathering | China accessed internal data from both the McCain and Obama campaigns in the lead-up to the 2008 elections | China |
| 2008 | Information gathering | Turla worm penetrates US military assets | Russia |
| 2009 | Theft | Hackers broke into the Pentagon's Joint Strike Fighter project | China |
| 2009 | Disruption | Hackers shut down the services of Twitter and Facebook in Georgia to commemorate the 1st anniversary of the Russian invasion | Russia |
| 2010 | Information gathering and theft | Operation Aurora, targeting dozens of critical infrastructure organizations | China |
| 2009-2011 | Information gathering | "Night Dragon" attacks, designed to extract sensitive data | China |
| 2015 | Disabling infrastructure | Hackers took control of a Ukrainian power station, locking controllers out of their own systems and shutting down power to more than 235,000 homes | Russia |
| 2016 | Election interference | "Fancy Bear" interfering in Trump's elections, aiming to boost his candidacy and interfere with the results | Russia |
| 2016 | Election interference | Attempt to interfere with the German election | Russia |
| 2017 | Information gathering/Theft | Equifax: theft of the PI (personal information) of up to 147 million American citizens, presumed to hold economic value in developing AI tools | China |
| 2020 | Information gathering/Theft | EasyJet: PI of 9 million EasyJet customers | China |

And the list goes on.
The growing range of motivations behind nation-state-sponsored cyber attacks has serious implications both for states and for private enterprises. Nation-state-sponsored cyber attacks have moved from pure spying to actual theft of databases or intellectual property to gain economic advantage. As attackers increasingly ready themselves to evolve from spying to interfering and disrupting and, ultimately, to destroying, the range of potential targets now covers every walk of life.
Governments are now investing in cyber espionage and civilian cyber defense
Another worrying aspect of the cyber-espionage and cyber-offensive trends is the parallel growth of two things: state-funded improvement of in-house cyberspying and cyber-penetration tooling, and the emergence of private sector offensive actors (PSOAs), modern-day mercenaries selling their offensive cyber knowledge and skills to the highest bidders, including governments.
This has resulted in initiatives such as the US Homeland Security "State and Local Security Improvement Act", which allocates a federal budget of $500 million dedicated exclusively to securing state and local government networks.
What are the goals of the rising numbers of nation-state grade attacks?
The motivations behind nation-state-grade cyber attacks have evolved from spying focused on gaining military and diplomatic advantage to covert infiltration maneuvers. Their goals now range from information gathering and IP theft to gain economic advantage, through manipulation of media and social media to influence the political landscape or even generate civil unrest, to planting malware capable of disrupting or disabling civilian infrastructure such as water or energy supplies. And the list goes on.
The rising availability of nation-state grade tools
At the beginning of the 21st century, nation-state-grade cyberattack tools were owned and operated exclusively by states. Over the last decade, those tools have become increasingly available on the Darknet for worryingly affordable prices.
This trend received a major boost in 2016/2017 with the leak of classified NSA and CIA hacking tools. These leaked tools include offensive and spying tools such as:
- UNITEDRAKE – an NSA mass-surveillance and espionage tool
- HIVE – CIA malware designed to send exfiltrated information untraceably to CIA servers and to receive new instructions from CIA operators
- Weeping Angel – targeting IoT devices such as smart TVs for spying purposes
- UMBRAGE – used to run false-flag operations
In the aftermath of those leaks, downloadable tutorial videos on how to use the leaked tools were posted even on readily available platforms such as YouTube. The associated YouTube accounts were subsequently terminated, but only after a few thousand views and downloads.
Armed with access to such advanced nation-state-grade tools, non-state attackers' offensive capabilities often rival those of state actors, turning any private enterprise into a potential target for a nation-state-level cyberattack.
Tools that can be obtained relatively easily and inexpensively on the Darknet are now available to cyber criminals, enabling them to launch nation-state-grade attacks; this turns any organization into a potential target.
Protecting virtual assets, as well as connected physical assets, now requires a combination of strategies. The first step is maintaining a high level of cyber hygiene, since outdated systems are the most vulnerable. It is also necessary to analyze risk based on attackers' potential motivations, while taking into account the increased availability of nation-state-grade offensive tools. Security teams have much to do if they plan to mitigate such attacks.
Get in touch with our experts for a consultation on cyber defense planning.