Cyber espionage is a form of cyber attack that steals classified or sensitive data or intellectual property to gain an advantage over a competing company or government entity.
Let’s Define Cyber Espionage
Espionage, according to Merriam-Webster, is “the practice of spying or using spies to obtain information about the plans and activities especially of a foreign government or a competing company.”
Take this into the cyber world, and the spies are armies of nefarious hackers from around the globe who use cyber warfare for economic, political, or military gain. These deliberately recruited and highly valued cybercriminals have the technical know-how to shut down anything from government infrastructures to financial systems or utility resources. They have influenced the outcome of political elections, created havoc at international events, and helped companies succeed or fail.
Many of these attackers use advanced persistent threats (APTs) as their modus operandi to stealthily enter networks or systems and remain undetected for years.
Headlines about cyber espionage usually focus on China, Russia, North Korea, and the United States, whether as the attacking state or the victim of attack. However, the UK’s Government Code and Cipher School (GCCS) estimates that 34 separate nations have serious, well-funded cyber espionage teams.
These state-based threat actor teams are made up of computer programmers, engineers, and scientists who form military and intelligence agency hacking clusters. They have tremendous financial backing and unlimited technological resources that help them evolve their techniques rapidly.
Eric O’Neill, a former undercover F.B.I. agent who is a National Security Specialist at Carbon Black, is quite familiar with espionage. In an article called Hacking is the New Face of Espionage, he says “the contemporary battle is fought with keyboards and software rather than dead-drops and balaclavas.” He goes on to say that, with cyber war now being fought on a global scale, there is more onus on security than ever. “Too many organizations are not taking the threat as seriously as they should,” notes O’Neill.
He adds, “It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling your attackers in the world of cyber espionage.”
So what have the masters of cyber espionage been up to lately? Here are a few of the nation-state attack groups that have been headlined repeatedly over the years.
North Korea reportedly has an army of more than 6,000 hackers who raise money to pay for the country’s nuclear program. A recent attack attributed to North Korea is APT37, which took aim at South Korea, Japan, Vietnam, and the Middle East. The attack was purportedly led by a well-known hacking group called Lazarus, which has been active for the last five years or so. The group has been cited for attacks such as the one on Sony Pictures in 2014, which netted tens of millions of dollars, and it may be responsible for the $81 million cyber heist from a Bangladeshi bank in 2016. They are also blamed for the widespread WannaCry attack of 2017, which wreaked billions of dollars of havoc on companies, banks, and hospitals around the world.
On to Vietnam, where there is OceanLotus, a cyber espionage group that could potentially be behind the attacks called APT32 and APT-C-00. These threats have been aimed at corporate and government organizations in Vietnam, the Philippines, Laos, and Cambodia, and focus on foreign corporations with interests in Vietnam’s manufacturing, consumer products, and hospitality industries.
One of China’s well-known attack groups is TEMP.Periscope, or Leviathan. This group has recently been escalating its attacks and targeting U.S. companies in the engineering and maritime fields that are linked to the South China Sea and some of the world’s busiest trading routes. Another group of Chinese threat actors, APT10, is blamed for a campaign that perhaps started as early as 2009. As potentially one of the longest sustained cybersecurity threats in history, APT10 recently attacked companies through managed service providers in multiple industries in several countries, as well as some Japanese companies, causing an unknown amount of damage through the theft of large volumes of data.
Another potential nation-state attack is Slingshot APT, which may have links back to the government of the United States. Slingshot APT has similarities to a threat actor known as Grey Lambert or Longhorn, which has been linked to the U.S. CIA. The campaign may have been active for six years or more, and targeted the Middle East and Africa via sophisticated, evasive, and stealthy tactics that helped the actors successfully exfiltrate large volumes of sensitive data.
In the article above, Eric O’Neill suggests that the best defense is a good offense. Here are some of the steps that Eric recommends for battling cyber espionage: