An Introduction to the Risk Spectrum of State-Sponsored Cyberattacks

In times of highly disruptive cyberattacks, protection against hacking and data theft has become an essential security measure for businesses, governments, financial institutions, and defense industries. A salient trend in the last 10 to 15 years is the increase of state-sponsored cybercrimes, adding new dimensions to risks associated with cyberattacks. In particular, North Korea, China, Russia, and Iran have been accused of such illicit activities, drawing cyberattacks into the international political realm. This, in turn, increases risks for businesses and financial institutions, blurring the lines between the public and the private sector.

State-sponsored cyberattacks are goal-driven and commonly serve a higher purpose. Such purposes include, for instance: 1) the disruption of another country’s political and economic stability, 2) financial gains to fund the activities of the attacking state government, 3) retaliation against a rival state, 4) interference with another state’s military activities, or 5) economic espionage. Tactics include destructive malware attacks and the theft of data or money. Typical targets of such attacks are government and financial institutions, the military, critical infrastructure such as power plants and hospitals, international shipping companies, private corporations engaged in research and development, and the media and entertainment industry.

While criminal cyber activities largely remain opaque, state-sponsored cyberattacks and hacking groups have been previously identified in the media. North Korean hacking groups such as the Lazarus Group, Bluenoroff, or Andariel operate under the North Korean Reconnaissance General Bureau, the intelligence arm of the North Korean government, and are responsible for major heists like the WannaCry attack and the cyberattack against Sony Pictures Entertainment. The hacking group APT10, short for Advanced Persistence Threat 10, is sponsored by the Chinese government and has been charged with stealing intellectual property and confidential business information of at least 45 technology and defense companies in the United States. In June 2019, the United States Cyber Command, a unit of the United States’ Department of Defense, carried out cyberattacks against computer systems in Iran to control missile launches.

Cyberattacks are not only disruptive and destructive but they can also result in vast financial losses. By 2018, Bluenoroff had targeted financial institutions in South Korea, India, Pakistan, Bangladesh, Taiwan, the Philippines, Vietnam, Mexico, Chile, and Turkey to steal approximately $1.1 billion. Such financial theft often focuses on banks and cryptocurrency exchanges, utilizing malware to gain access to SWIFT credentials or to steal money and customer information from bank accounts and ATMs, which can be used directly or sold on the black market.

Governments and international bodies attempt to protect the public and private sector from cybercrime risks through sanctions. The United States and the European Union sanction persons or entities responsible for cyberattacks with asset freezes or travel bans, for instance. Yet the preventive utility of sanctions may be limited since cyberattacks are difficult to predict. Institutions and businesses in the public and private sector must therefore invest more in cybersecurity tools and crisis management strategies in order to secure their systems against cyberattacks. This can protect them from operational disruptions and financial losses. Improved cybersecurity can shield institutions and businesses from state-sponsored cyberattacks. On a small scale, this is advantageous for individual companies and financial institutions. On a large scale, improved cybersecurity affects international relations and politics, preventing foreign governments that are sponsoring cyberattacks from pursuing their higher purpose.

About the Author

Yasemin Zeisl

Yasemin Zeisl is a Risk Analyst at Global Risk Intelligence. She earned her MSc in International Relations and Affairs from the London School of Economics and Political Science (LSE). She is currently based in Austria. Yasemin is fluent in German and English and possesses advanced Japanese language skills.

Contact Expert