State-sponsored cyber crime is officially out of control
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
Two-thirds of attributable cyber attacks now come from state-backed attackers, lending weight to warnings from national security agencies about the scale of the threats faced by enterprises and public services alike.
Analysis from Netskope shows a marked escalation in state-sponsored attacks in recent years, with the company warning this trend shows no sign of slowing down.
Sanjay Beri, CEO and co-founder of Netskope, said cyber attacks waged by nation state actors now represent a form of ‘quiet war’.
"Under the surface of this worldwide escalation is a varied picture of different states pursuing widely divergent cyber attack strategies,” he said.
While attention has largely focused on the risks from Russia, China and Iran, data from Netskope indicates that North Korea is currently the world's biggest offender in terms of the number of victims.
It's been targeting victims en-masse through cyber crime and cryptocurrency theft, with the goal of stealing money to fund its military.
China and Russia, meanwhile, account for the second and third greatest number of attacks. Unlike North Korea, however, their goal is to disrupt and damage highly targeted pieces of critical national infrastructure, leading to a smaller number of higher impact, more targeted attacks.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Examples include the targeting of NHS England and the Electoral Commission, both of which were highly disruptive.
"The difference between North Korea’s cyber ‘carpet bombing’ and Russia’s ‘precision strikes’ means that if you’ve fallen victim to an online phishing attack, it’s unlikely that Russian government-backed actors were the cause," said Beri.
"If, however, a critical piece of national infrastructure is down, then it’s more likely that they are. Understanding these nuances is critical for businesses and individuals operating in today’s connected world - because the first and most important step in putting in place the best cyber defense strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them."
State sponsored cyber attacks are wreaking havoc
Earlier this summer, the UK’s National Cyber Security Centre (NCSC), along with US and South Korean authorities, warned that a North Korea-linked threat group known as Andariel was compromising organizations around the world to steal sensitive and classified technical information and intellectual property data.
RELATED WHITEPAPER
While it mainly targeted defense, aerospace, nuclear, and engineering entities, it also hit organizations in the medical and energy sectors to a lesser extent, stealing information such as contract specification, design drawings, and project details.
In March this year, the UK government warned that the Chinese state-sponsored attacks on parliamentarians and on the Electoral Commission would not be tolerated.
This particular incident prompted the government to summon the Chinese Ambassador and sanction a front company and two individuals identified as members of the APT31 hacking group.
Similarly, late last year, Russian-backed threat actors were thrust into the spotlight after the NCSC exposed a campaign by Russian Intelligence Services to interfere in UK politics and democratic processes.
More from ITPro
- The Iran cyber threat: Breaking down attack tactics
- State-sponsored cyber attacks: The new frontier
- What threat do nation state hackers pose to businesses?
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
UK’s Cyber Resilience Pledge gathers momentum as 60 firms sign up to bolster capabilitiesNews The voluntary pledge sees organizations tightening up their defences, particularly against supply-chain attacks
-
Hostile states behind three-quarters of UK critical infrastructure attacksNews NCSC CEO warns that with the rise of AI, the danger is only set to get worse
-
NCSC urges organizations to shore up supply chain security practicesNews With attackers increasingly compromising open source packages to spread malware, organizations need to be on their guard
-
A ‘perfect storm’: NCSC chief issues warning over quantum threats, nation-state hackers, and the dangers of global ‘hacktivism’News NCSC CEO Richard Horne says nation-state attacks, AI and the looming quantum threat require stronger global collaboration
-
The NCSC says it’s time to switch to passkeysNews UK security organization calls for companies to step up and offer more secure ways to login
-
NCSC issues alert over Russian hacker campaign targeting SOHO routersNews The APT28 group has exploited vulnerable internet routers to covertly reroute internet traffic through malicious servers
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
The NCSC touts honeypots and ‘cyber deception’ tactics as the key to combating hackers — but they could ‘lead to a false sense of security’News Trials to test the real-world effectiveness of cyber deception solutions have produced positive results so far