Not-So-Secret Cyberwarfare: 5 Nations Leading the Most Cyberattacks


October is Cybersecurity Awareness Month, but cybervigilance should be practiced year-round. Unfortunately, the threat vector continues to escalate, and hacking is now an area where a not-so-secret war is on. A question remains, however, as to which nations are actively engaged – and also where some of these states manage to train their cyber teams to carry out these hacks.

“Most of our enemies offer free college education to their citizens,” warned John Gunn, CEO of cybersecurity provider Token.

There is also evidence to suggest that China and Russia, in particular, have e-learning programs in place.

“China has a vast national cybersecurity center in Wuhan, reportedly spanning more than 15 square miles, which is supposed to train the next generation of threat actors,” said Yana Blachman, threat intelligence specialist at Venafi.

“In Russia, we have seen evidence that the state-sponsored Advanced Persistent Threat (APT) group Fancy Bear is deployed to scout for talent in schools,” Blachman told ClearanceJobs. “With its direct affiliation with the Russian military and the FSB, there is also a strong chance that Russia will recruit threat actors from the military. It is important to note that most major nations now have offensive cyber operations, but the countries that really stand out in terms of hacker employment are China, Russia and North Korea.”

1. China – a hotbed of hackers

China has continued to carry out large-scale cyberattacks, and that includes intellectual property theft. More than a third of all cyberattacks are launched in China, where the People’s Liberation Army (PLA) even employs military units specializing in attacking and defending networks.

A 2017 Foreign Policy magazine estimate suggested that China’s “hacker army” could number over 100,000 men, larger than the actual military force of many countries. According to Venafi’s research, APT groups like APT41 use cyber espionage to support China’s long-term economic, political and military goals, often targeting carefully selected victims.

“In China, there are a myriad of state-sponsored groups, and we see evidence of the nation’s cyber-offensive capabilities on an almost constant basis,” Blachman said. “Recently, as the threat of war in Taiwan has intensified, we have witnessed attacks on Taiwan’s infrastructure, which could be a precursor to an invasion.”

Given how it continues to train the next generation, the threat from China will likely only increase.

2. North Korea – Small nation with strong hacker force

2021 was considered a banner year for North Korean hackers, who reportedly stole $400 million in cryptocurrency – and 2022 is sure to be even better, as cyber operatives operating from the Hermit Kingdom reportedly raised some $600 million from a cryptocurrency gaming startup last March.

Hacking is increasingly important to North Korea, and it is now looking to increase its efforts.

“It has been reported that North Korea takes aptitude tests and starts training as young as 11,” said Tim Morris, technology strategist at cybersecurity firm Tanium.

“Then those skills are used for ransomware and/or cryptocurrency theft to fund other programs for the government or the military,” Morris told ClearanceJobs.

North Korea is also notable in that it is now the only country in the world whose government is known to conduct such open criminal hacking for monetary gain.

“Infamous North Korean cybercriminal groups such as Lazarus and APT38 are notorious for their ties to the state. Lazarus is particularly prolific and has made a name for itself with attacks on Sony, the Bangladesh Bank cyber heist, WannaCry and recently targeting US energy companies,” Blachman continued. “Our research shows that hackers employed by the North Korean state help circumvent international sanctions on the DPRK, with the proceeds of cybercrime funneled directly into the country’s nuclear weapons program.”

3. Iran – Quasi-Governmental Group

Iran’s Islamic Republic cyber army has a known connection to Tehran and has even pledged its loyalty to the country’s Supreme Leader. The Islamic Revolutionary Guards are also believed to have launched plans for the group as early as 2005, when it was possibly commanded by Mohammad Hussein Tajik until his death in early 2020.

The Islamic Revolutionary Guards also said they hold the fourth largest cyberpower among the world’s cyberarmies. Hackers linked to the Iranian government recently targeted people specializing in Middle Eastern affairs, nuclear security and genome research in a new social engineering campaign designed to seek out sensitive information.

However, Iran’s hacking efforts could now be used against the government – as the country’s state broadcaster was recently hacked on air as protests for reform and improved women’s rights gripped the Middle Eastern nation. It looks like Iran might have a hard time controlling the beast it has created.

4. Russia – A hacker superpower

Even though the mighty Russian Bear appears to be more of a paper tiger on the battlefield, its cyber abilities should not be underestimated. Moscow has been focusing on STEM (science, technology, engineering, math) skills for longer than the United States, and it has paid off.

“Russia has half our population and produces six times as many engineering graduates, many of whom use their skills for state-sponsored cyberattacks against America,” Gunn told ClearanceJobs. “If some of the battles of the future are fought online, we could end up woefully understaffed and the gap is growing every year.”

This puts Russia among the biggest cyber threats – even as it faces setbacks in its so-called “special military operation” against Ukraine.

“Russia will increase its use of cyber warfare to better entrench itself in Ukraine,” said Henry Collier, director of Norwich University’s online master of science in cybersecurity program. “Russia has already used cyberattacks against adversaries, including Ukraine, with some success.”

More worrying is what it could mean for the upcoming US midterm elections.

“Russia has tried to coordinate cyberattacks to try to defeat the political process of their target,” Collier told ClearanceJobs. “The threat of Russia trying to influence the outcome of the election is real, especially as it continues to spread misinformation on social media sites.”

In addition, Russia could target NATO countries’ infrastructure, such as electricity or gas, in an effort to make those countries focus on their own well-being rather than on supporting Ukraine, warned Collier.

“There is already strong evidence that cyber espionage groups such as Sandworm and Fancy Bear are associated with the Russian Armed Forces (GRU),” Blachman added. “Famous attacks by these groups include the Ukrainian power grid attacks in 2015 and the NotPetya attacks in 2017, as well as numerous attempts to derail political processes around the world. These targets suggest that the motivations of these groups are aligned with Russia’s political and military goals.”

5. United States – Ready for the cyber domain

Cyberattacks aren’t just something the “bad guys” carry out. The United States maintains its own full-scale force of cyber-warriors. This includes United States Cyber Command, which is one of the United States Department of Defense’s 11 unified combatant commands. Although originally created with a defensive mission in mind, Cyber Command has increasingly been seen as an offensive force.

“The United States has its own programs that do reconnaissance, defensive and offensive operations,” Morris said.

Over the past month, China has alleged that US cyber operatives have carried out cyberattacks against its interests. Beijing has accused the National Security Agency of infiltrating Chinese telecommunications infrastructure to steal user data by intercepting digital communications between multiple parties.

The cost of piracy

There are a multitude of reasons why cyber has become an area where this not-so-secret war is being fought, and why the United States may become increasingly aggressive in its use of cyber.

“Billions of dollars in intellectual property have been stolen, billions of dollars in wealth have been looted, our power grid and essential services are at risk, and now lives are being lost in hospitals that have been hit by ransomware,” Gunn said. “We must move beyond a purely defensive posture and move on the attack against known individuals and groups who are actively attacking US targets.”

Such calls are on the rise, simply because defensive efforts aren’t enough – and a solid defense could start with a solid attack.

“Unfortunately, defending against nation-state cybercrime is very difficult. They’re well-funded, highly sophisticated, and able to think outside the box to find new ways to attack networks, using techniques we’ve never seen before,” Blachman said. “To protect its national infrastructure, government departments, and businesses, the U.S. government and enterprises must be proactive in protecting machine identities and have visibility into their environments to detect changes and respond quickly.”

It is also likely that other nations will see the potential of cyber, said Morris, who added: “Each nation-state may have different motives, be it disruption, disinformation/propaganda, hacktivism, reconnaissance, theft of intellectual property or extortion.”
