A threat actor is a person or organization that causes intentional damage in the digital world. They can target individuals, companies, or even whole countries. Threat actors can employ various attacks to reach their goals, from exploiting vulnerabilities to spreading ransomware.
The definition of a threat actor is much broader than that of a cybercriminal. Threat actors are not necessarily criminal figures — they can be hacktivists, state-backed hackers, or cyberwarfare participants.
State-level entities usually initiate nation-state attacks, so they typically have a solid backing. Groups of super-skilled hackers are behind most nation-state attacks. They also can allocate a lot of money for attacks and inflict more damage than typical cyberattacks. However, in some cases, nation-state threat actors are individuals working with or assisting a group.
Nation-state actors usually aim for high-profile targets such as military secrets, infrastructures, massive-scale disinformation, or propaganda campaigns. They also operate on a national level, so due to this “official” status, they won’t get prosecuted in their home country. On the contrary, rogue states such as Russia even encourage their hackers to target Western countries.
Here are the top sponsors of state-backed cybercrime:
A country can employ a group of its most skilled hackers by paying them generous wages to cripple other countries’ infrastructure. A state can have sufficient resources to do that, while it would be pretty difficult for an individual cybercriminal.
State-backed hackers can also simply perform their profit-based activities and still get state support. For example, Evil Corp, which hacked Garmin, is allegedly a state-backed group.
Here are the main motives of nation-state attackers:
The motivation of states is similar:
Nation states usually don’t target single individuals unless such action causes substantial impact. These threat actors aim to cause large-scale disturbances, so more often, they try to incur damage to:
Here are a few of the most notable nation-state attacks.
In 2016, the Russian government interfered in the US presidential election to harm Hillary Clinton’s campaign and destabilize the US. Hacker activities were a significant part of this campaign. They infiltrated information systems of various governmental institutions and publicly released stolen files. The Russian government denied being involved in these hacks.
Stuxnet is one of the most famous nation-state attacks. Stuxnet is a malicious worm that attacked Iranian nuclear systems. It is responsible for causing substantial damage to Iran’s nuclear program. Perpetrators distributed the worm via infected USB flash drives. The worm then spread across the network and crippled the systems. Even though no country has admitted responsibility, it is widely assumed that Israel and the US jointly built Stuxnet.
Before and during the 2022 Russian invasion of Ukraine, Ukraine experienced several cyberattacks from Russia. Some took down around 70 Ukrainian government websites and multiple government and bank services. However, further cyberattacks were of limited success. Anonymous, the independent hacktivist group, launched retaliatory cyberattacks against Russia.
In February of 2022, North Korean government-backed groups targeted many employees across the media, software, and fintech sectors. Hackers used phishing emails to exploit Google Chrome vulnerabilities, compromise websites, and spread malware. This is one of many North Korean hacking attempts — the country is considered one of the four biggest sponsors of nation-state cyberattacks.
China is another top supporter of state-sponsored cyber threats. Its most notable attacks include Operation Aurora, a sophisticated cyberattack that targeted Google and Adobe, a four-month cyberattack targeting The New York Times’ reporters, and a cyberattack on America’s Office of Personnel Management.
We should worry about nation-state attacks, especially in the present geopolitical context. Even though lay users are not likely to become targets of nation-state attacks, such attacks could bring very direct or even fatal consequences. For example, attacks on infrastructure can leave ordinary citizens without water or electricity, while crippling nuclear systems can cause fatal consequences for a whole region. Nation-state attacks can also expose the personal data of thousands or millions of citizens.
Here are some trends for the future development of nation-state threats defined by the European Union Agency for Cybersecurity: