Whenever we read about state-sponsored threat actors, the two countries that come to mind are Russia and China. Government-motivated cybercriminal groups from these countries have reportedly been ruling the underground darknet markets with innovative attack techniques and malware campaigns.
Cyberattacks from these organized groups have even clouded relations between neighboring countries. For instance, economic relations between India and China worsened after troops from both sides were involved in a skirmish in May 2020. While the clash did not lead to direct war, the cyberespionage campaigns from Chinese attackers continued to disrupt several organizations in India. Recently, security researchers found Chinese hackers targeting multiple Indian organizations in the power and transportation sectors, using common infrastructure tactics, techniques, and procedures (TTPs).
The Anti-Relation Between Russia and the U.S.
Most of the cyberattacks and disinformation campaigns that have occurred in the U.S. are attributed to Russian government-backed threat actors. The scale of cyber activities by Russian attackers increased after the Department of Homeland Security (DHS) announced in 2017 that 21 U.S. states had been targeted by Russian hackers to sway the 2016 U.S. presidential elections in favor of Donald Trump.
From harvesting Americans’ sensitive information to meddling with the elections, infamous Russian threat actor groups such as APT28, Cozy Bear, and Strontium have performed various cyber-espionage operations against U.S.-based organizations, think tanks, political personalities, and users.
What the Experts Say…
Commenting on the current threat landscape across countries, Admiral (ret.) Michael S. Rogers stated that cyberattacks by nation-states are becoming more proficient and aggressive. Speaking at CyberCube’s webinar, Rogers said that the extent of cyberattacks has changed, and that the recent SolarWinds attacks and this month’s attacks on Microsoft Exchange servers are evidence of increased nation-state cyber activity. Rogers is the former Director of the National Security Agency (NSA) and Commander of U.S. Cyber Command.
“We went through a period between about 2011 and 2017, during which nation-states increased levels of activity. This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back. You’re seeing criminal groups share tools, and you’re seeing the lines between nation-state and criminal groups blur a little bit. The Russians, in particular, often tend to use criminal groups to engage in a state-associated activity. This proliferation of tools is creating a challenging environment,” Rogers said.
“We’re not all sitting behind a central security stack right now. Now we’re dispersed. We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure’. The bottom line is the attack surface is just proliferated as a result,” Rogers added.