InfoSec Insider

Smaller Nation State Attacks: A Growing Cyber Menace

While there certainly remains a global hierarchy when it comes to cyber capabilities, smaller state and non-state actors are increasingly exploiting the asymmetric nature of cyberspace to achieve a broad range of objectives.

Last year, a Qatari state media website was compromised and defaced with false reports of the Emir of that country praising Iran and Hamas. The fake content was blasted on social media and amplified through bots, eventually provoking a regional boycott that persists today.

Andrea Little Limbago

While many immediately attributed last year’s attack to Russia, recent research now attributes the attack to Saudi Arabia, including the creation of roughly 200 fake Twitter accounts surrounding the hack.

This combination of disinformation and cyberattacks against Qatar is ongoing. Roughly 30 percent of Arabic tweets referencing Qatar are bots, and now, a remote execution zero-day in Adobe Flash has appeared, likely targeting a Qatari diplomat.

This attack highlights newly rising nation-state (and nation-state affiliated) hacking groups and their adoption of tactics and techniques aimed at sowing disruption. These capabilities are already playing out between global powers as well as between smaller regional rivals. Smaller nations are increasingly the attacker, and the range of victims is expanding well beyond the major powers and their traditional adversaries.

While there certainly remains a global hierarchy when it comes to cyber capabilities, the monopoly on digital tactics, techniques and procedures no longer persists. Smaller state and non-state actors exploit the asymmetric nature of cyberspace to achieve a broad range of objectives.

Earlier this year, Dark Caracal, a group some evidence says is associated with the Lebanese intelligence agency, targeted at least 21 countries, and at times conducted six different campaigns simultaneously. This is not an anomaly, as nation-states are increasingly deploying spyware for surveillance. Last summer, the Mexican government was associated with a spyware campaign targeting academics, lawyers, and journalists. Sudan’s Electronic Jihad group (a sub-unit of its intelligence agency) ostensibly was created to counter ISIS, but has been implementing a range of surveillance technologies against a range of anti-government groups. Meanwhile, Ocean Lotus is the Vietnamese government’s first identified advanced persistent threat, and has targeted the Vietnamese diaspora, foreign governments, and government critics and dissidents.

Technological innovation rarely remains the monopoly of a single entity, and the same is true for offensive digital attacks, especially as the resources required continue to decrease. The Shadow Brokers and Vault 7 releases of sophisticated exploits have only expedited the proliferation of global actors with both access to nation-state capabilities on the cheap and a proven willingness to deploy them. In most cases, governments first use domestic targets as a testing ground before expanding the target reach. This is true for cyber attacks as well as disinformation campaigns, and increasingly for a combination of the two.

Just as more groups are compromising networks and computers, governments are also increasingly copying integrated cyber-enabled disinformation and propaganda attacks. Russian troll armies and Chinese astroturfing campaigns are no longer unique to these countries. Venezuela, the Philippines and Turkey are among the dozens of countries that have armies aimed at shaping opinions and distorting information online. Filipino President Rodrigo Duterte has employed a keyboard army for state propaganda, while Turkey similarly uses trolls and bots for censorship and manipulating public opinion.

The diffusion of cyber capabilities is only expanding, and the lack of any international legal framework for cyber norms means that the range of targeted and opportunistic attacks will only continue, with the risk of collateral damage amplifying. The series of attacks on Latin American banks, attributed to North Korea, is indicative of the changing world order.

This is a significant inflection point, and quite simply the end of the world as we know it. Structural power changes are significantly altering the international system, leaving both governments and corporations across the globe vulnerable to the rise of new attackers seeking to profit or gain strategic advantage from this evolving new order.

(Andrea Little Limbago is the Chief Social Scientist at Endgame, directing and contributing to the company’s technical content. She has a background in quantitative social science and direct operational support, and writes extensively on the geopolitics of the cyber domain, policy, and data science.)
