
The blurry lines between nation-state attacks and cybercrime

In recent years, attacks targeting public infrastructure in towns and cities have dramatically escalated. Experts are not surprised and have warned for years that the often archaic digital systems used by public infrastructure providers are ripe targets for online attackers. Many of these attacks appear politically motivated and seemingly removed from cybercrime attacks focusing on financial gains.

But this division is a mirage. Nation-state attacks share a lot of common ground with cybercrime and create opportunities for criminal digital attacks. Sometimes, they are the same thing, a topic we explore in Performanta's new ebook, Cyber Warfare: Expert analysis on nation-state attacks.

The state of nation-state cyberattacks

Countries deploy cyberattacks as part of their military tactics. For example, Russian hackers launched cyberattacks on Ukraine and its allies a full hour before Russia's military hardware crossed the border—a clear attempt to disrupt Ukrainian systems and weaken their responses to the invasion. Hamas' attack on Israel included a flurry of cyberattacks ranging from precision targeting to a scattershot approach aimed at anything digital within reach. And Yemen's civil war has spilt over into an extensive cyberwar between different factions.

Similar examples exist outside of warfare. As mentioned at the start, many Western municipalities have been attacked by politically motivated cyber gangs, often from Iran. Indian officials have publicly accused Chinese-backed cyberattackers of targeting local energy and healthcare facilities. As our ebook notes, power grabs occur constantly in the digital realm.

The cyber warfare/cybercrime link

If these events were purely about politics and war, it might be easy to treat them as isolated problems. But cyber warfare escalates and emboldens cybercrime, and is often the same thing.

The recent Hamas-Israel conflict provides a very clear example. During the campaign, Hamas has been receiving support from a group called Anonymous Sudan, which has been launching distributed denial-of-service (DDoS) attacks on Israel and its allies. Anonymous Sudan is also now selling access to its DDoS tool to criminal gangs: the campaign against Israel has turned from a political one into marketing for a cybercrime tool.

Cybersecurity experts are not surprised. There has been a growing link between escalating criminal cyberattacks and nation-states gaining political and financial benefits. Specifically, many advanced persistent threat (APT) groups have the backing of one or more of four nations: China, Iran, Russia, and North Korea.

Though it's often hard to irrefutably link cyber gangs and nation-states, the signs are there. For example, the group responsible for hacking the US Colonial Pipeline and extracting a ransom payment, DarkSide, claims it has no link to Russia's government. However, the latter has protected this group by rebuffing extradition or legal action against them. APT 41, a group that has attacked dozens of countries, primarily targets places critical of China and also appears to have the protection of China's government.

Indiscriminate crime protected by politics

These groups commit crimes for financial reasons but reflect the political leanings of their protectors through their choice of targets. Their activities are driven by greed, not ideology, and they go after opportune targets. North Korea's Lazarus Group has previously targeted Tanzania, and China's Phantom Panda has attacked South Africa and Middle Eastern countries.

Moreover, these groups support global criminal networks of brokers and attackers and feed new techniques and services to other criminals. The WannaCry worm, which arguably industrialised ransomware attacks, emerged from North Korea. Russia's DarkSide helped pioneer the Ransomware-as-a-Service model, which lets smaller criminal gangs launch lucrative and devastating ransomware attacks with near impunity. Even schools, hospitals, and NGOs are fair game.

There is a smoking gun to show that ideological cyberwarfare is often just a front and enabler for cybercrime. Increasingly, developing nations are becoming the initial targets for new attacks regardless of their political affiliations. They are testing grounds before the techniques are turned against more sophisticated and protected developed nations. This is one reason why there has been a big escalation of cybercrime across Africa.

As long as nation-states partner with cybercrime to attack their enemies and line their pockets, the overall spectre of cyber risks will grow bigger. To learn more about this concerning trend, download Performanta's free ebook, Cyber Warfare: Expert analysis on nation-state attacks. This brief but detailed and informative read will bring you up to speed on the alignment between authoritarian regimes and cybercrime and what companies like Performanta are doing to protect us against these threats.

