While cyber espionage is said to be responsible for only 10% of the total number of breaches as opposed to cybercrime (86%) in 2020, it is arguably a more damaging threat than the latter. Cyber espionage can destroy the reputation of institutions, lead to intellectual property theft, and, sometimes, bring competitors down.

What Is Cyber Espionage?

Cyber espionage is a kind of cyber attack designed to steal classified data or intellectual property to edge out a competitor or spy on a government. It is essentially the practice of spying on a target using digital means.

In this case, the spies are nefarious hackers from anywhere in the world who use cyberwarfare for economic, political, or military gain. They are deliberately recruited and highly valued since they have the technical know-how to shut down government infrastructures, financial systems, or utility resources. They can influence the outcome of political elections, create havoc at international events, and help companies succeed or fail.

Many cyber espionage actors use advanced persistent threats (APTs) to enter networks or systems stealthily so they can stay undetected for years.

What Are Some of the Most Notorious Cyber Espionage Groups to Date?

APTs, which are threats that exploit network, application, or communication protocol vulnerabilities, have been plaguing governments and large enterprises worldwide for years now, and some groups have gained infamy more than others. Here is a rundown of some of the top cyber attack groups to date.

Lazarus Group

The Lazarus Group is believed to be part of the North Korean government’s Reconnaissance General Bureau (RGB). It is best known for the retaliatory attack on Sony in 2014 because it produced a movie that made Kim Jong-un look bad.

Researchers think it has been active since 2009, targeting organizations in South Korea and the U.S. with ransomware attacks. Its members are known for using WannaCry and Mimikatz in their campaigns.

Fancy Bear

Also known as “APT 28,” Fancy Bear is known for instigating political chaos. It is likely best known for interfering with Hillary Clinton’s 2016 election campaign. While Russia has not admitted its involvement with this group, the U.S. Department of Justice connected it to Russian intelligence in a 2018 indictment.

Cybersecurity experts believe the group was established in 2004 and has targeted the U.S. and the Democratic National Committee (DNC) of Germany with spear-phishing, Mimikatz, and Coreshell attacks.

Elfin

Also known as “APT 33,” Elfin is believed to have ties to Iran. Based on data collected on the group, it appears to target aerospace, aviation, and energy companies in the U.S., Saudi Arabia, and South Korea. It is known for using malware in attacks and even created Stonedrill, its custom malware.

Researchers believe it has been active since 2013 and was responsible for attacks against aerospace and energy organizations in Saudi Arabia and the U.S. Elfin is famous for using Shamoon, Mimikatz, PowerSploit, and other spyware.

Dynamite Panda

Also known as “APT 18,” Dynamite Panda is said to be connected to China. It targets U.S.-based medical, manufacturing, government, and tech organizations. It gained infamy for breaching a Health Insurance Portability and Accountability Act (HIPAA)-protected database in 2014, stealing the information of 4.5 million patients.

Cybersecurity experts said the group was established in 2009 and has a preference for using ransomware in its attacks.

Ocean Lotus

Also known as “APT 32,” Ocean Lotus is believed to be based in Vietnam. Its targets include Vietnam, the Lao People’s Democratic Republic (PDR), Thailand, Cambodia, and the Philippines in Southeast Asia, as well as Australia, the U.S., and Germany. It is also said to be responsible for the Toyota data breach. Its members are known for using malware and zero-day exploits to compromise target networks.

Established in 2014, Ocean Lotus targets Southeast Asian countries primarily using malware attacks.

How Can Organizations Protect against Cyber Espionage Attacks?

Former spy Eric O’Neill had these recommendations for combating cyber espionage:

Think like a Hacker

Identifying the actors behind an attack and their motive is doable if you think like them. Only by thinking like a criminal can you catch one. That is actually how penetration testing works. Acting like a hacker can help you find as many vulnerabilities as there are in your network.

Identify the Attacker’s Techniques

Knowing the techniques threat actors might use can help victims fight back. Constant data gathering is crucial here. Possible targets are advised to use as many external sensors as possible. Joining cybersecurity communities whose members share information all the time is also a good idea.

At the end of the day, battling cyber espionage attacks requires a proactive approach. Cybersecurity teams need to think like the bad guys to beat them.

Cyber Espionage Attacks Are More Dangerous than Cybercrime.