State-Sponsored Hacking – the New Normal


The world has seen the dawn of cyberwar, millions of people have been affected by data breaches, and insider threats are a growing problem for businesses. The year 2016 also introduced the world to a new threat – state-sponsored hacking – as numerous events surfaced, bringing to light the underworld of cyber strategy and warfare. State-sponsored hackers are often included in what are called “advanced persistent threats” (APTs). APTs often have extensive resources available, and the ability to infiltrate computer systems and then exfiltrate data back to a command and control server at a location of the hacker’s choice.

By many accounts, the first notable instance of state-sponsored hacking came in 2007, when Estonia’s digital infrastructure came under a denial of service attack by hackers. The attacks have been attributed to Russia, and occurred after tensions had been mounting over the relocation of a Soviet-era statue. In the past decade, numerous incidents have been made public, although the murky distinction between cyberwar, state-sponsored hacking, and espionage operations makes it difficult to categorize many of them. APTs may have goals ranging from destruction, to disruption, to data exfiltration, or all of the above.

In more recent memory, during the 2016 election cycle, the Democratic National Committee experienced a serious breach, with internal data and emails later posted to Wikileaks. The US government attributed this breach to Russia, and a forensic analysis of the computer systems by CrowdStrike has shown that two different groups of Russian state-sponsored hackers had breached the system. In this case, it seems that the primary purpose of the attack was to exfiltrate data, although some believe its purpose was to disrupt the election.

Another instance of state-sponsored hacking involves a Chinese group called “Deep Panda”. The Anthem breach of 2015 was attributed to this group, as well as intrusions documented at various think tanks. Another Chinese group was responsible for the 2015 breach at the Office of Personnel Management (OPM) of the US federal government. This breach involved the records of some 20 million current and former federal workers, and it seems clear that the goal of this incident was to gather extensive intelligence about federal employees for political purposes.

APTs pose difficulties to businesses and governments alike, and it’s likely that we have not heard the last of state-sponsored hacking incidents.