Nation-state cyber attacks aren't like your average cyber adversary

Author: Mike Elgan

As the world becomes ever more digital, the benefits of cyber attacks as an instrument of state power grow. Targets of nation-state cyber attacks include financial services and manufacturing companies, critical infrastructure (e.g., water systems, power grids, communications), educational institutions and healthcare providers—organizations that hold valuable and proprietary sensitive information.

The most prominent nations that use cyber attacks as an instrument of domestic and international policy, espionage and warfare tend to be far better funded, far more organized and far harder to catch and punish than financially motivated cybercriminals.

The goal of nation-state cyber attacks

Nation-state cyber attackers share motives with national governments, but they operate in an arena where they can pursue policy goals under a shroud of deniability.

The motivations of state-sponsored hackers are myriad:

  • Trade secrets. Stolen business secrets and intellectual property can provide economic benefit to the attacking country.
  • Military secrets. Stealing a rival's military technology can help an attacking country accelerate the development of its own.
  • Medical secrets. Government-backed hackers have been exploiting the COVID-19 pandemic as a cover for electronic theft, Wired reports. The governments of the United States, the United Kingdom and Canada have accused the Russian, Chinese and Iranian governments of trying to compromise vaccine research through state-sponsored cyber attacks. The US Department of Justice has charged two Chinese hackers, allegedly working on behalf of the Chinese government, in connection with cyber attacks designed to steal sensitive information, including COVID-19 research data.
  • Negotiation leverage. Some nation-states hack governments to gain intelligence on how they intend to approach upcoming negotiations. The American cybersecurity firm Recorded Future claims that state-sponsored Chinese hackers targeted the Vatican and the Catholic Diocese of Hong Kong ahead of sensitive negotiations between China and the Vatican.
  • Information about dissidents. Some governments target the personal communications, bank records, movement and activity of people or groups they classify as a threat to domestic political order.
  • Preparation for open cyberwarfare. Preparing for cyberwarfare means identifying potential allies, as well as targets and the methods of penetrating them.
  • Preparation for war. Knocking around a potential enemy's critical infrastructure destabilizes its ability to wage war.
  • Blackmail. Gathering compromising information on powerful people makes it possible to coerce them into becoming an unwilling ally.
  • Election meddling. Attacks on voting infrastructure can compromise the outcomes of democratic elections.
  • Retaliation. Cyber attacks, such as the North Korean attack on Sony Pictures, can be a major check on the activities of a targeted nation.

What sets nation-state cyber attacks apart

Most cybercriminals are largely indiscriminate and opportunistic; they'll attack whoever is vulnerable and take what they can get. Nation-state hackers, on the other hand, are more selective; their targets are often part of a big-picture strategy that serves the sponsoring nation-state. As such, these adversaries are often well-armed and well-resourced with access to advanced attack tools available on the deep and dark web.

In more than one well-publicized nation-state attack, it was clear that the attackers used cyber tools developed by and stolen from the US National Security Agency.

Most target organizations—governments, private companies with significant intellectual capital or institutes of higher learning—are adept at fighting traditional means of attack. But when it comes to preparing for and responding to a nation-state attack, enterprises need a whole different skill set and program capability. Advanced adversaries require an advanced security program.
