
What are nation-state actors?

Nation-state actors operate on a different level than ordinary cybercriminals. They usually target geopolitical entities and have a solid backing. This threat introduces new challenges in the field of cybersecurity.

Paulius Ilevičius


What are cyber-threat actors and what do they do?

A threat actor is a person or organization that causes intentional damage in the digital world. They can target individuals, companies, or even whole countries. Threat actors can employ various attacks to reach their goals, from exploiting vulnerabilities to spreading ransomware.

The definition of a threat actor is much broader than that of a cybercriminal. Threat actors are not necessarily criminal figures — they can be hacktivists, state-backed hackers, or cyberwarfare participants.

What are the differences between a nation-state attack and a regular cyberattack?

State-level entities usually initiate nation-state attacks, so they typically have a solid backing. Groups of super-skilled hackers are behind most nation-state attacks. They also can allocate a lot of money for attacks and inflict more damage than typical cyberattacks. However, in some cases, nation-state threat actors are individuals working with or assisting a group.

Nation-state actors usually aim for high-profile targets such as military secrets and infrastructure, or run massive-scale disinformation or propaganda campaigns. They also operate on a national level, so due to this “official” status, they won’t get prosecuted in their home country. On the contrary, rogue states such as Russia even encourage their hackers to target Western countries.

Here are the top sponsors of state-backed cybercrime:

  • Russia
  • Iran
  • North Korea
  • China

A country can employ a group of its most skilled hackers by paying them generous wages to cripple other countries’ infrastructure. A state can have sufficient resources to do that, while it would be pretty difficult for an individual cybercriminal.

State-backed hackers can also simply perform their profit-based activities and still get state support. For example, Evil Corp, which hacked Garmin, is allegedly a state-backed group.

What is the primary motive of nation-state attackers?

Here are the main motives of nation-state attackers:

  • Nationalism. Nation-state hackers feel they participate in cyberwarfare and serve their country's interests.
  • Financial gain. Such cybercriminals usually get generous incentives from their governments for their actions.
  • No accountability. Usually, they can get away with criminal acts in their country if they serve its interests.

The motivation of states is similar:

  • Financial gain. Such countries as North Korea also manage to generate cash from such attacks.
  • Demonstrations of national pride. Such attacks are often driven by the attacking country’s willingness to display power and the ability to inflict large-scale damage.
  • Cyberwarfare activities. Nation-state actors are the main participants of cyberwars, which can accompany physical conflicts or take place without the presence of physical warfare. Usually, such threats affect some critical infrastructure to cripple a country's economic, military, or political sectors. For example, nation-state threat actors can steal military data or hack railway systems.
  • Espionage. Nation-state attacks help attackers obtain confidential data.

What do nation-state actors target?

Nation states usually don’t target single individuals unless such action causes substantial impact. These threat actors aim to cause large-scale disturbances, so more often, they try to inflict damage on:

  • Businesses.
  • Governments.
  • Governmental, security, or military institutions.
  • Critical infrastructures.
  • Individuals that hold important data.
  • Media and communications.
  • Cybersecurity entities.

Most notable nation-state attacks

Here are a few of the most notable nation-state attacks.

Russian interference in the US elections

The Russian government interfered in the 2016 US presidential election to harm Hillary Clinton’s campaign and destabilize the US. Hacker activities were a significant part of this campaign. They infiltrated information systems of various governmental institutions and publicly released stolen files. The Russian government denied being involved in these hacks.

Stuxnet attack

Stuxnet is one of the most famous nation-state attacks. Stuxnet is a malicious worm that attacked Iranian nuclear systems. It is responsible for causing substantial damage to Iran’s nuclear program. Perpetrators distributed the worm via infected USB flash drives. The worm then spread across the network and crippled the systems. Even though no country has admitted responsibility, it is widely assumed that Israel and the US jointly built Stuxnet.

Russian cyberattacks on Ukraine

Before and during the 2022 Russian invasion of Ukraine, Ukraine experienced several cyberattacks from Russia. Some took down around 70 Ukrainian government websites and multiple government and bank services. However, further cyberattacks were of limited success. Anonymous, the independent hacktivist group, launched retaliatory cyberattacks against Russia.

North Korea attacks

In February of 2022, North Korean government-backed groups targeted many employees across the media, software, and fintech sectors. Hackers used phishing emails to exploit Google Chrome vulnerabilities, compromise websites, and spread malware. This is one of many North Korean hacking attempts — the country is considered one of the four biggest sponsors of nation-state cyberattacks.

Chinese cyberattacks

China is another top supporter of state-sponsored cyber threats. Its most notable attacks include Operation Aurora, a sophisticated cyberattack that targeted Google and Adobe, a four-month cyberattack targeting The New York Times’ reporters, and a cyberattack on America’s Office of Personnel Management.

Should we worry about nation-state attacks?

We should worry about nation-state attacks, especially in the present geopolitical context. Even though lay users are not likely to become targets of nation-state attacks, such attacks could bring very direct or even fatal consequences. For example, attacks on infrastructure can leave ordinary citizens without water or electricity, while crippling nuclear systems can cause fatal consequences for a whole region. Nation-state attacks can also expose the personal data of thousands or millions of citizens.

Nation-state threat predictions

Here are some trends for the future development of nation-state threats defined by the European Union Agency for Cybersecurity:

  • Nation-state threat actors will continue to pursue operations for intelligence gathering.
  • State-backed hackers will develop ransomware tools to attack and weaken adversarial governments.
  • Nation-state threat actors will continue to attack supply chains.
  • Threat actors will pursue cyber-enabled operations on important geopolitical issues.
  • State-backed hack-and-leak operations will continue.

Paulius Ilevičius is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search of new and unexplored angles to share with his readers.