Cyberwarfare refers to an attack by one nation on another’s computer systems. The main weapon in cyberwarfare is computing technology. Typical attacks include hacktivism and spreading fake news, especially news related to national or political events, basically anything that can cause the target’s government to become unstable.
You can compare cyberwarfare to a silent war where battles are fought in secret with no explosions or bursts of gunfire typical of a conventional conflict. You hear only the soft taps of fingers on a computer keyboard. But once the Enter button is pressed, it’s enough to disrupt the operations of an entire nation’s government.
Given today’s reliance on technology, cyberwarfare has been dubbed “the new frontier in wars between countries.” Instead of employing the best soldiers, nation-states are engaging the best hackers they can find.
Countries like the U.S., the U.K., Russia, India, Pakistan, China, Israel, Iran, and North Korea are among those believed to have active cyberwarfare offensive and defensive operations. It is no wonder then that these are the same nations often implicated as the threat actors behind the targeted attacks we’ve seen so far.
A targeted attack is considered the most damaging kind of cyber attack because, when successful, it can thwart the operation of a target’s critical infrastructure. Some of the most notorious targeted attacks, or advanced persistent threats (APTs), are listed below.
Stuxnet
Stuxnet was a complex, multifaceted piece of malware that disabled uranium-enrichment centrifuges in Iran. As a result, it slowed down the country’s nuclear program for several years. Stuxnet was, in fact, the first APT that brought talk of cyberwarfare targeting industrial systems to light. Researchers believe the attack was the result of a collaboration between the U.S. and Israel.
Ajax Security Team
Operation Woolen-Goldfish, AjaxTM, Rocket Kitten, Flying Kitten, and Operation Saffron Rose are believed to be campaigns associated with the Ajax Security Team. The group has been active since at least 2010 and is believed to operate out of Iran. Before 2014, Ajax Security Team focused on website defacement operations. Since then, it has launched cyber espionage campaigns targeting the U.S. defense industrial base and Iranian users of anti-censorship technologies.
APT12
Believed to be behind IXESHE, DynCalc, Numbered Panda, and DNSCALC, APT12 is a threat group attributed to China. It has targeted various victims that include but are not limited to media outlets, high-tech companies, and multiple governments.
Typical Cyberwarfare Tools
Over the years, we have seen threat actors use a variety of malicious tools to get into their targets’ systems. These can be categorized broadly into those enumerated below.
Remote Access Trojans
Remote access Trojans (RATs) are programs that allow threat actors to perform covert surveillance on a victim’s computer. They often behave like keyloggers in that they collect usernames, passwords, screenshots, browser history details, emails, and chats by logging users’ keystrokes. Considered backdoors, they give attackers unhindered access to monitor user behaviors, change computer settings, browse and copy files, use a system’s bandwidth for possible criminal activity, access connected devices, and more. One of the most used RATs is PoisonIvy, which is a favorite tool of China-based threat actor group admin@338.
In Stuxnet’s case, the threat actors were able to drop the worm onto target systems by exploiting a zero-day vulnerability in Siemens Step7 software that is installed on the programmable logic controllers (PLCs) of supervisory control and data acquisition (SCADA) systems. SCADA systems are industrial control systems (ICSs) that make nations’ nuclear and similar plants run.
Other malware types have also been employed by various threat actors over the years for cyberwarfare. These include ransomware and spyware.
Cyberwarfare has become such a big threat that many nations have been engaging in cyberwar games in preparation. In these, they improve their defenses by exploring the strategies, tactics, and operations involved in cyber attacks.