We all know that nation states have dedicated hacker teams whose sole purpose is the break into systems and spirit away sensitive documents such as blueprints, personal information, network layout for critical national infrastructure and more.

North Korea comes to mind, as does China, Russia and Iran. But of course it cuts both ways and the US and Israel have shown themselves to be particularly effective in this area. You can also put your house on the UK and other European countries having similar set ups.

Public exposure

But it’s rare for these groups to be publicly exposed. The Ukraine, however, has done just that. The countries counterintelligence agency recently disclosed the real identities of five individuals allegedly involved in digital intrusions belonging to a cyber-espionage group called Gamaredon.

The counterintelligence agency said the group was linked to Russia's Federal Security Service (FSB) and its members worked for the FSB.
  • Gamaredon has been around since 2013 and has also been known as Primitive Bear, Armageddon, Winterflounder and Iron Tilden.
  • It is responsible for a number of malicious phishing campaigns, primarily aimed at Ukrainian institutions, with the goal of harvesting classified information from compromised Windows systems for political gain.
  • It is believed to have carried out about 5,000 cyberattacks against public authorities and critical infrastructure located in the Ukraine and attempted to infect over 1,500 government computer systems, with most attacks directed at security, defence and law enforcement agencies.
The exposure of Gamaredon members simply reflects what happens in the real world. In fact, old world spying is a marker of a different age. Spying today has become much easier given the interconnectivity of networks that span the world like a neural network.

Criminal underground

These changes are also reflected in in the cybercriminal underworld where prolific crime groups such as Fin7 group, Darkside and Clop hold sway. These are slick organisations that run just like a legitimate business with proven processes, a hierarchy of employees, payment structures and son. For instance:
  • A team dedicated to creating fake web sites that look legitimate are the first port of call in a planned fraud. They design and write the website.
  • Coders then build the fake websites and host them on servers in other countries.
  • This is followed by villainous marketers who promote the fake websites to bait victims through phony emails, ads, and paid search results designed to look like the real thing.
  • An analytics team then determines which lures are the most effective. From there, they share these findings so that the most effective emails, ads, and search results get used.
This structure reads like a legitimate marketing/ad agency but one that is dedicated to scamming. Within these set ups you’ll also find data teams that handles stolen data, a finance team that launders money and pays partners, employees, and ringleaders. And so on.

These and other groups focus on ransomware, malware, vulnerability exposures, cryptocurrencies, spyware and all the other attack and exploit methods they can use.

Common thread

There’s a common thread that often runs between some nation state attackers and cyber criminal groups operating out of countries like Russia. And that is the top hackers, those with high level skills, have moved between the two groups. Years ago when the Soviet Union began to fall apart, top computers scientists without work and income gravitated towards cybercrime.

This led to a cadre of seriously skilled people who helped direct and shape attacks. It also set in motion a fluid dynamic between cyber criminals and establishment figures. And today, it’s well known that some cybercrime groups are used by government figures who task them with specific objectives while maintaining distance and plausible deniability.

Only secure as the least secure

It’s unlikely that you’ll be targeted by nation state hackers, unless you have a significant role in government, finance, national infrastructure and other critical industries. It’s a different story with criminal groups though and you could easily be caught up in a villain’s haul without even knowing it.

The reality is that your devices are only as secure as the least secure part of the software you are running. If you think about all the software that runs on your computer, and is often updating in the background, and attackers are able to compromise just one piece it’s a scary thought.

This is why proven internet protection, that monitors your devices 24/7, even when they are offline looking for dormant malware, is so vitally important.