What are state-sponsored cyberattacks?
Cyberattacks cost very little when compared to traditional military operations. In addition, they are generally easier to carry out. With their great deniability, they typically have far less consequences to the attacker. These are all reasons why state-sponsored cyber attacks are a thing.
Time before and after Stuxnet
“When people talk about state-sponsored cyberattacks, we commonly hear about the time before and after Stuxnet”, says Anthony Joe Melgarejo from WithSecure’s Tactical Defense Unit. Stuxnet was a piece of malware used by the US and Israel against Iranian nuclear facilities. Its discovery in 2010 changed the game. Suddenly states realized that they could utilize cyber attacks in achieving their political, commercial, and military goals.
Before Stuxnet cyber security was more concerned about hackers and cyber criminals. Their motivation is usually to gain money. State-sponsored cyberattacks don’t necessarily involve monetary goals at all. Being funded by states, such attackers can have far greater capabilities when compared to rogue hackers.
What are state-sponsored cyberattacks?
States can directly employ hackers through their militaries and government authorities. They can also fund them indirectly. This makes it easier to deny the involvement of the state if the attack was detected. This in turn can decrease the diplomatic repercussions these attacks can have. It also blurs the line between criminal organizations and government groups. The state-sponsored units then target the adversaries of their funders for different reasons. State-sponsored cyberattacks can, for example, involve:
Espionage: Discovering corporate secrets, technologies, secret political information, etc.
Attacking critical infrastructure and companies: This can damage the defender and greatly diminish their defensive capabilities.
Spreading disinformation: This action can be very effective in disrupting political opinion within a state, affecting elections, spreading resentment against governments or individuals, or improve public opinion on certain parties. More about disinformation and fake news here >>
Testing the capabilities and readiness of adversaries: Sometimes the only goal is to test the capabilities of the attacker or to see how well the adversary is prepared.
Cyberattacks have become an essential part of modern hybrid warfare. It combines all kinds of hostile actions used to accomplish goals. Hybrid warfare can involve conventional military operations, cyberattacks, misinformation and supporting local separatist groups. Such tactics have been lately used, for example, by Russia against Ukraine.
Hard to detect, easy to deny
Of course, states are not the only parties behind cyberattacks. Criminal groups and individuals and terrorists are also some of the actors out there. Because they are well funded, equipped and trained, state-sponsored attacks aren’t easy to detect. Even if the attack is discovered, it can easily look like someone else was behind it. Proving that a state was behind a cyberattack can be very difficult. This makes cyber attacks an effective and quite risk-free option for states to use.
Watch the video below for Melgarejo’s full explanation of state-sponsored cyber attacks!
Of Cameras & Compromise: How IoT Could Dull Your Competitive Edge
The Internet of Things is here. And with it are exciting possibilities, cost savings and efficiencies. But there’s a dark side to this bright new world, and it can be summed up in what we call Hypponen’s Law: If it’s smart, it’s vulnerable.Read more
How to decompile any Python binary
At WithSecure we often encounter binary payloads that are generated from compiled Python. These are usually generated with tools such as py2exe or PyInstaller to create a Windows executable.Read more