Cyber Final
The following is from my final project on nation-state cyber threat actors. I did a surface-level look at who and how they attack their targets based on the best available data.
Summary
Nation-state cyber attacks have become a significant threat in modern international relations, with over 30 countries utilizing this attack type and approximately 790 total attacks documented. These operations typically span months to years, with attackers gathering massive amounts of information before executing their primary objectives.
Initial Assumptions
I began with the idea that the majority of the attacks would be coming from Russia and China, with the United States being the most targeted by these types of attacks. In the media, these attacks are played up a lot as a threat to the American people; however, events like the SolarWinds attacks still continue today.
My other big assumption was that these types of attacks fall short of the number of attacks used by citizens within the country. Typically, with these attack types, laying groundwork and entering systems takes a lot longer for nation-states than for dedicated teams of cyber criminals. Those cyber criminals may be more opportunistic, leverage known CVEs, or simply be script kiddies.
Initial Questions
- Who is the main country utilizing these attacks and why?
- Why are nation-states beginning to utilize these attacks more often?
- What countries are being targeted the most and what links them together if there are any links?
Major Threat Actors
Russia
- Primary Focus: Political espionage, particularly around elections
- Strategic Approach: Views cyber disruptions as a foreign policy tool to influence other countries’ decisions
- Military Integration: Has formally adopted cyber attacks into their warfare doctrine
- Capabilities: Continuously refines espionage, influence, and attack capabilities
China
- Network Structure: Operates through an extensive APT (Advanced Persistent Threat) network
- Escalation Timeline: Significant increase in attacks observed from the end of Obama’s administration
- Motivations: Uses cyber attacks as responses to political disputes, including border conflicts and trade tensions
North Korea
- Strategic Goals:
  - Bypass international sanctions
  - Gather intelligence
  - Generate revenue through cryptocurrency theft
- Targeting: Focuses on critical infrastructure, government systems, and high-value private entities
- Cost-Effectiveness: Cyber operations provide a cost-effective way to project power internationally
- Adaptability: Has begun diversifying attack methods and exploiting known vulnerabilities
Nation-State vs. All Attack Types
The data suggests that nation-state actors represent a disproportionate threat compared to other cyber attack categories, with their operations being more sophisticated, persistent, and strategically coordinated than typical cybercriminal activities.
Conclusion
For my project I had to provide policy recommendations. However, I am skeptical that increasing education, literacy programs or increasing reporting will effectively change the current trajectory of the issue. I would rather suggest a more diplomatic approach like what was had during the Obama presidency with China. Geopolitical tensions and supporting the Ukraine war showed increases in cyber attacks, making the environment around the issue more complex. A diplomatic solution here could create norms around its use and perhaps reduce the use altogether if that is still possible, given how it is sometimes hard to verify who the individuals are behind a hack or even if you have been hacked.
More posts to come…
Note: This analysis is based on documented nation-state cyber attack patterns and represents ongoing threats to international cybersecurity and stability.