Cyber Threat Landscape Expands with State-Sponsored Cyber Attackers

Published On : 2022-02-19

Cyber Threat Landscape Expands with Collaboration Between State-Sponsored Groups

By CYFIRMA Research


As Ukraine faces hybrid warfare, it is clear that the era of state-sponsored cybercriminals is close to its zenith. For the uninitiated, a state-sponsored cyber attack is a form of defense strategy adopted by nations to target governments, critical infrastructure, as well as the civil society of hostile states.

One incident that is oft-quoted as the best example of a state-sponsored cyberattack is the Stuxnet attack on Iran, which was discovered in 2010. This weaponized digital attack against industrial control systems (ICS) was reportedly launched by Israel’s Unit 8200, the U.S. Central Intelligence Agency, and the National Security Agency (NSA).

Fast-forward to 2022: CYFIRMA’s cyber threat intelligence team has observed state-sponsored groups evolving, innovating, and enhancing their capabilities in the use of malware, ransomware, and TTPs (tactics, techniques, and procedures). It is suspected that these groups have managed to enhance their internet hacking strategy by collaborating with other cyber threat actors, sharing and benefiting from their experience and skills.

25% of the campaigns tracked by our team were seen to be launched by Russian ransomware groups who hired state-sponsored groups affiliated with China (and vice versa) through the RaaS (Ransomware-as-a-Service) model. At the same time, close to 20% of the campaigns highlighted that North Korean hacking groups were hired by Chinese groups under the HaaS (Hacking-as-a-Service) model, making cybersecurity even more challenging.

So, two aspects have gained prominence in the digital threat landscape with this constant collaboration between state-sponsored groups. The first aspect, undoubtedly, is that cyber warfare is no longer something you see only in a sci-fi movie; it is the new, uncomfortable reality. Governments across the globe understand that, instead of waging wars across boundaries, crippling the economy, infrastructure, and manpower of the enemy nation is far more lethal, far more cost-effective, and, most of all, the best non-violent way to tackle the enemy nation. Though the shift to cyber kinetic does throw light on the violent face of cybercrime, most state-sponsored groups are non-violent in their online crimes.


Defense and Deterrence: The Two Building Blocks of a Potent Strategy Against State-Sponsored Groups


According to our Cyber Threat Intelligence Team, the collaboration amongst state-sponsored internet threat actors is expected to increase in 2022. Realizing the political agenda of their state masters is the primary goal of these cybercriminals. At the same time, one cannot ignore how these groups have built a rather profitable business model by availing of RaaS and HaaS. For instance, our monitoring of dark web forums highlights that several Chinese cyber threat actors, including state-sponsored outfits, are hiring North Korean groups as part of HaaS for exfiltrating sensitive details from organizations in return for financial benefits.

Therefore, it is safe to conclude that state-sponsored digital threat actors will find more ways of collaborating across boundaries to further the geo-political-economic agenda of their state masters, and at times also justify their domestic authoritarian policies for wider adoption.

The best way to tackle this condition is to build a viable defense and deterrence strategy. This would mean thoughtful investments in cyber intelligence infrastructure and the global collaboration of nation-states against such cyber attacks. At an organizational level, here are some critical recommendations to protect the critical infrastructure against such internet crimes:

  1. Implement a holistic cyber security strategy that includes controls for cyber attack surface reduction, effective patch management, active network monitoring through next-generation cybersecurity solutions, and a ready-to-go incident response plan.
  2. Establish a robust plan to identify assets by leveraging a risk-based approach along with the Defence-in-Depth (DiD) method as part of the organization’s cyber security strategy, to minimize the cyber risk exposure of vulnerabilities to a level acceptable to the organization.
  3. Implement network traffic or cybersecurity monitoring, cybersecurity incident detection, notification, and alerting by leveraging SIEM (Security Information and Event Management) solutions.


DeCYFIR is a Powerful Cyber-Intelligence Platform with Six Threat Views on a Single Pane of Glass for Complete Understanding of External Threat Landscape

Six pillars of cyber threat views include attack surface discovery, vulnerability intelligence, brand intelligence, digital risk discovery and protection, situational awareness, and cyber-intelligence.

DeTCT automatically discovers your digital footprint, proactively monitors the web and social media platforms 24/7, and secures your digital ecosystem.

DeFNCE is your trusted Cyber Defence tool for individuals and businesses. With DeFNCE you can Protect your device & digital footprint, Discover leaked personal data and Stay secure.

