There are hackers, and then there are hackers. Yes, the nefarious kind portrayed in cult movies and widely appreciated in popular culture. The gap between a lightweight and a heavyweight hacker is vast, and wider still when the heavyweight is a group of nation-state-sponsored operators. The knowledge of a typical email phishing scammer and that of a state-level operator are not comparable, and neither are the tools and budgets at their disposal. Ransomware is a familiar staple of high-end criminal groups, alongside spear-phishing, DDoS, man-in-the-middle (MiTM) attacks, fileless malware, code injection and custom trojans; that state-sponsored groups draw on the same toolkit with far greater resources, patience and skill is a telling sign of just how dangerous they are. Why is it important to inform yourself about state-sponsored hackers? For one, their activity affects everyone’s safety, not just governments. Secondly, awareness of their techniques can help you secure your data, especially if you run a company. Let’s look into all of that.
What is a State-Sponsored Hacker
A state-sponsored hacker or hacking group goes by several names: APT (Advanced Persistent Threat), nation-state threat actor, or nation-state cybercriminal. The label ‘cyber-terrorist’ is also used loosely, though strictly it describes a different motive. Let’s stick with threat actors, a good baseline term, with the understanding that here we mean the state-backed kind. So, what are high-level threat actors? Simply put, they are trained, well-funded operators working for a government, with North Korea, Iran, Russia and China the sponsors most frequently named in public reporting. They have access to resources far beyond those of ordinary criminals for their missions, which most often means disrupting Western ‘adversaries’, spying on them, or both. Government-backed hacking in the national interest is not exclusive to these countries; they are simply the ones that make the news consistently. How they operate is not transparent, as threat actors rely on a large arsenal of anonymization techniques, such as routing through compromised third-party infrastructure and reusing tooling that resembles other groups’. Whether, and how, groups are affiliated with each other is difficult to ascertain even for elite cybersecurity firms, which is why attribution is usually expressed with a confidence level rather than as a certainty. Details do eventually surface, but in many cases the damage is already done: mission accomplished for the threat actors. What remains is to pick up the ashes of the attack.
The results of state-sponsored cyberattacks never work in favor of the victims, but they vary in severity and in the damage caused. A politically motivated espionage campaign is not the same as ransomware extortion against hospitals, and there are many degrees in between. Such attacks are, however, almost always driven by political or strategic goals, even when the immediate effect looks like ordinary crime.
The ‘Best’ Examples of Some of The Worst State-Sponsored Cybercrime
Some of the worst examples of threat-actor activity are notorious incidents, some of which still linger, that carry names given by governments, security vendors or the malware itself. Three of them are WannaCry, Titan Rain and SolarWinds. All involved highly sophisticated techniques and had devastating consequences.
The WannaCry ransomware outbreak of May 2017 compromised hundreds of thousands of Windows computers in more than 150 countries, hitting the UK’s National Health Service particularly hard. The malware encrypted the files on infected machines and demanded $300 to $600 in Bitcoin per victim. It spread on its own, with no user interaction, by using EternalBlue, an exploit for a Windows SMBv1 vulnerability that the NSA had developed and that The Shadow Brokers group leaked in April 2017, a month after Microsoft had already shipped the MS17-010 patch for it. A security researcher slowed the outbreak by registering a ‘kill switch’ domain the malware checked before running. Paying rarely helped: the payment mechanism could not reliably tell who had paid, so very few victims got their files back. The United States and the United Kingdom later publicly attributed WannaCry to North Korea.
Titan Rain is the U.S. government’s name for a series of coordinated, military-precision intrusions, roughly 2003 to 2006, attributed to an APT operating from China. The attackers breached networks of U.S. defense contractors and agencies, including Lockheed Martin, Sandia National Laboratories and NASA, in search of sensitive information. The stolen data was reportedly unclassified but sensitive, and the campaign strained relations between China on one side and the United States and the United Kingdom, whose government networks were also targeted, on the other.
The SolarWinds supply-chain attack, discovered in December 2020 after an intrusion that had begun in 2019, was widely described, including in U.S. Senate hearings, as one of the most sophisticated cyberattacks ever seen. It affected large businesses, federal agencies, defense and intelligence organizations, and even the federal court system. The threat actors compromised SolarWinds’ software build environment and inserted a backdoor, later named SUNBURST, into legitimate, digitally signed updates of the Orion network-management platform. Up to about 18,000 customers, from Fortune 500 companies to government agencies, installed the trojanized update and thereby let the backdoor into their own networks; the attackers then hand-picked a much smaller number of high-value victims for follow-on intrusion. Because the update carried SolarWinds’ own valid signature, signature checks did not catch it, and the backdoor stayed dormant for roughly two weeks after installation before contacting its command-and-control infrastructure, which helped the operation stay hidden for months. The U.S. government attributed the campaign to Russia’s foreign intelligence service (SVR) in April 2021, and the U.S. Senate held hearings with SolarWinds, Microsoft, FireEye and CrowdStrike to get a hold of the situation.
Is it Possible to Defend Against High-level Hackers?
Cutting-edge threat-actor attacks like the SolarWinds incident, which can jeopardize a nation’s security, are extremely hard to prevent outright, but they are not impossible to limit or to detect. Estimated losses to cyberattacks run into the trillions of dollars over the years, and threat activity such as ransomware and phishing campaigns is on the rise. The best available defenses against sophisticated cybercrime are layered: zero-trust architectures (no implicit trust for any host, including management servers, and strict control over where each system may connect); prompt patching (WannaCry spread through a vulnerability whose fix had been available for two months); offline, regularly tested backups; supply-chain security (knowing where software comes from and treating vendor tools with broad network reach as high-risk assets); and threat detection tuned to spot unusual behaviour, since a trojanized update can arrive with a perfectly valid signature.
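As an added illustration of the zero-trust and threat-detection points above, the following Python script flags outbound DNS queries from a management server to destinations outside its allowlist, and separately flags random-looking subdomains, a generic heuristic for beaconing to attacker-generated domains. This is example code written for this article, not code from any vendor, incident report or malware sample; the host names, the allowlist and the DNS log lines are all constructed, and the entropy threshold is an illustrative value, not a tuned one.

```python
"""Flag suspicious outbound DNS from a network-management server.

Added example for this article, not code from any vendor or incident
write-up. Host names, the allowlist and the log lines are constructed.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical: servers running a management platform with broad reach into
# the network. Under a zero-trust egress policy they should only ever talk
# to a short, known list of vendor and internal domains.
MANAGEMENT_HOSTS = {"mgmt-01.corp.example"}
EGRESS_ALLOWLIST = {"corp.example", "updates.vendor.example", "ntp.example"}

# Constructed DNS query log, one "timestamp client qname" record per line.
SAMPLE_DNS_LOG = """\
2020-06-01T10:00:01Z mgmt-01.corp.example updates.vendor.example
2020-06-01T10:00:05Z mgmt-01.corp.example ntp.example
2020-06-01T10:02:13Z mgmt-01.corp.example k3b9x7q2mzt4v8.cdn-example.net
2020-06-01T10:02:14Z mgmt-01.corp.example r0pw5e1n6yhc3d.cdn-example.net
2020-06-01T10:05:00Z laptop-42.corp.example news.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Finding:
    ts: str
    client: str
    qname: str
    reasons: tuple[str, ...]


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def is_allowlisted(qname: str) -> bool:
    """True if qname is an allowlisted domain or a subdomain of one."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in EGRESS_ALLOWLIST)


def analyze(log_text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per suspicious query made by a management host."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # malformed record; a real pipeline would count these
        ts, client, qname = m.groups()
        if client not in MANAGEMENT_HOSTS:
            continue  # the strict egress policy applies to management servers
        reasons = []
        if not is_allowlisted(qname):
            reasons.append("egress outside allowlist")
        # Long, high-entropy leftmost labels are typical of machine-generated
        # names; short real words like "updates" fall well below the threshold.
        first_label = qname.split(".")[0]
        if len(first_label) >= 10 and shannon_entropy(first_label) > entropy_threshold:
            reasons.append("high-entropy subdomain")
        if reasons:
            findings.append(Finding(ts, client, qname, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DNS_LOG):
        print(f"{f.ts} {f.client} -> {f.qname}: {', '.join(f.reasons)}")
```

Run against the constructed log, the two queries to the random-looking names under cdn-example.net are reported with both reasons, while the same names from the laptop are ignored because the policy is scoped to the management host. The allowlist check is the zero-trust control; the entropy check is a cheap behavioural signal that does not depend on knowing the malware in advance, which is exactly the situation a signed, trojanized update puts defenders in.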