Nation-state Actor
(OBJ 2.1)
What are Nation-state Actors?
- Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
- Some of the most sophisticated and highly-skilled types of threat actors
- Usually part of a nation's intelligence or military organizations, though they can be independent organizations
False Flag Attack
Sometimes, these threat actors attempt what is known as a false flag attack
- Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else
Threat level of Nation-state Actors
Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as
- Creating custom malware
- Using zero-day exploits
- Becoming an advanced persistent threat
Advanced Persistent Threat (APT)
- Term that was once used synonymously with nation-state actor because of these actors' long-term persistence and stealth
- A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
- These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups
- For this reason, these actors are among the most dangerous threat actors
What motivates a nation-state actor?
- Nation-state actors are motivated to achieve their long-term strategic goals, and they are not seeking financial gain
- Funded by the government to conduct cyber operations that can help their governments achieve political objectives such as
  - Gathering intelligence
  - Disrupting critical infrastructure
  - Influencing political processes
- May also engage in cyber espionage to steal intellectual property or gain a competitive advantage in some industries
- Examples:
  - North Korean cyberattacks to alleviate economic pressure and fund internal organizations
  - Russian nation-state actors working to damage Hillary Clinton's candidacy
- Technologically sophisticated countries aren't immune to nation-state attackers
Stuxnet Worm
- Sophisticated piece of malware that was designed to sabotage the Iranian government's nuclear program
- Operated by exploiting zero-day vulnerabilities in the Windows operating system that was used to run the nuclear centrifuges
- The nuclear centrifuges were part of an air-gapped network to increase their security (all systems were isolated from unsecured networks)
- But Stuxnet was designed to infect USB drives so that an employee would unknowingly transfer the worm and compromise a system.