State-sponsored attack or not, that’s the question

Pierluigi Paganini September 18, 2012

The defense of cyberspace is becoming one of the most pressing questions to address: governments all around the world are investing massively in cyber technology, with the result that the number of cyber operations is increasing exponentially.

William J. Lynn, U.S. Deputy Secretary of Defense, states that:

“as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.”

The message delivered by the official demonstrates the strong interest of governments in developing cyber warfare capabilities oriented to cyber espionage and cyber offense.

While the potential effects of cyber weapons and the damage caused by offensive operations are major concerns for intelligence agencies, the clues most frequently discovered point to cyber attacks whose main purpose is to steal sensitive information and intellectual property from the victims.

Who is behind these cyber attacks?

Analyzing the statistics, it is possible to note that the majority of attacks are related to hacktivism and cybercrime; the data show a growing trend in cyber warfare attacks, but it is expected that the known cases represent only the tip of the iceberg.

Identifying a cyber attack is becoming more and more difficult every day. In my previous post I presented a study released by the security firm FireEye, named “Advanced Threat Report”, covering the first half of 2012, which provides an overview of the current threat landscape, evolving advanced malware and advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations’ networks today.

The document presents an alarming scenario: organizations are witnessing an impressive increase in advanced malware that is bypassing their traditional security defenses.

It is quite common to see a malicious agent elude common defense mechanisms and remain stealthy for a long period, during which it operates under cover.

The problem is mainly related to cyber espionage activities and their impact on every sector, from defense to communications, causing serious damage.

Today we cannot exclude that a cyber weapon is operating undetected, and it is known that at least 140 countries are working on the development of new agents that will soon crowd cyberspace.

Organizations are facing a dramatic explosion in the diffusion of advanced malware, both in volume and in its effectiveness at bypassing traditional signature-based security mechanisms. Most of these attacks are considered state-sponsored because of the nature of the targeted systems and the ability of the malicious agents to exploit 0-day vulnerabilities.

Most state-sponsored malware is designed for activities such as data gathering, cyber espionage or sabotage. We have a large body of features identified in these malicious agents, but the same goals are pursued by cybercriminals and hacktivists.

Distinguishing the origin of attacks is not simple: in many cases cybercriminals operate exactly as state-sponsored hackers do, selecting specific sectors as privileged targets and operating with malware that acts mainly in stealthy mode.

We must also consider that cybercrime cannot always be regarded as a totally separate cyber threat: cyber criminals operate for business, and they steal sensitive information in order to sell it to hostile countries.

According to Myla Pilao, director of core technology marketing at Trend Micro’s TrendLabs, the attacker’s intent is fundamental to distinguishing an ordinary cyber attack from a state-sponsored operation, and let me add that the context of the operation and the real identity of the attacker are equally important.

What makes identifying the origin of attacks even harder is that cyberspace has no boundaries: an offensive can be launched from a domain associated with any country.

Indications of a state-sponsored attack are related to the target addressed and to the region where the agent has counted the greatest number of infected hosts; think for example of Flame, which hit mainly Middle Eastern countries with cyber espionage intent, or Stuxnet, which concentrated its effects against Iranian nuclear plants.

A limited geographic area could highlight the presence of an ongoing intelligence campaign interested in gathering sensitive information and conducting espionage.

Phil Lin, director of product marketing at FireEye, noted that all of these characteristics can also be found in advanced malware used by cybercriminals for regular attacks, which makes the geographical attribution of cyberattacks “the most difficult task”. Lin observed:

“Cybercriminals from one country can easily set up ‘command and control (C&C)’ servers used to store exfiltrated data in a different country leading to incorrect attribution of the nationality of the threat actors, not to mention their ultimate nation-state ties,”

The level of complexity of the agent used may be a necessary but not sufficient condition to qualify it as the product of a state-sponsored project.

My opinion is that, despite a deep analysis of the victims of the attacks, in many cases it is hard to find evidence of state involvement, due to the increased sophistication of the malware: powerful agents that are able to destroy their tracks.

In the future the number of operations will increase, and it is “extremely unlikely” that, in the absence of an international regulatory framework for cyber warfare, a country will openly admit to sponsoring an operation.

The only way out that I see is the definition of a regulatory framework, because I am convinced that, in the absence of strict rules, the technical capabilities of states will evolve in an unpredictable manner and it will be impossible to qualify the nature of malicious code and to discover the identity of its creators.

Pierluigi Paganini
