The Art Of Cyberwar: Understanding Your Enemy
The ancient book on war, “The Art of War” by Sun Tzu, holds many lessons that are surprisingly applicable to today’s cybersecurity operations. One of the most important lessons is captured in the following line:
“If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Cyber adversaries are often referred to as “hackers,” but in reality they come in many forms and have varying motivations and techniques. Some groups are well-organized, while others are loosely structured. Some are government-affiliated, while others are purely criminal or terrorist organizations.
As Sun Tzu advised, it is crucial to have a deep understanding of one’s enemies. In this series of articles, we will examine the major global hacking groups and discuss the best ways to protect against them.
Beset by Dangers: The Most Notorious Groups
Cyber threats are becoming increasingly common and sophisticated in today’s digital age, and hacker groups comprise a significant part of this threat landscape. They are well-funded entities that use their skills to infiltrate, steal, or ransom sensitive information from governments, businesses, and individuals.
A complete list of these groups would be voluminous, but below I highlight some of the most dangerous hacker groups currently operating:
- APT10, also known as Stone Panda or Red Apollo, is a Chinese state-sponsored group that targets intellectual property and business information. The group has been active since at least 2009, and has been linked to several high-profile breaches such as those of the U.S. Navy and the Australian government. APT10 employs a variety of techniques, including phishing, malware, and supply chain attacks, and is believed to focus on technology and manufacturing companies as well as government agencies.
- Lazarus Group is a hacker group believed to be operating out of North Korea. The group has been linked to several high-profile cyber attacks, including the Sony Pictures hack in 2014 and the WannaCry ransomware attack in 2017. Lazarus Group uses sophisticated tactics, such as zero-day vulnerabilities and custom malware, to infiltrate its targets. The group has also been linked to several high-profile financial crimes, such as the theft of $81 million from the Bangladesh central bank in 2016.
- Turla is a Russian state-sponsored group known for stealing sensitive information from governments and businesses. The group has been active since at least 2007, and focuses on government and diplomatic organizations. Turla uses tactics like watering hole attacks, spear-phishing, and custom malware to infiltrate its targets.
- APT33, also referred to as Elfin or Holmium, is an Iranian-linked group that has been active since 2013. The group targets aerospace and energy companies, as well as government organizations, and employs tactics like spear-phishing and custom malware. APT33 is also known for using “living-off-the-land” tactics that leverage legitimate tools and software to evade detection.
- FIN7, also known as the Carbanak Group, is a financially motivated hacktivist group that has been active since 2013. FIN7 targets the retail and hospitality industries with point-of-sale malware and uses advanced social engineering tactics to infiltrate targets. The group is believed to have stolen millions of dollars from its victims.
- REvil, also known as Sodinokibi, is an infamous ransomware group that has been active since 2018. The group uses ransomware to encrypt victims’ data and demands large sums of money for the decryption key. REvil made headlines in 2020 and 2021 with large-scale attacks on companies and government organizations.
- Lapsus is a criminal organization that is involved in various illegal activities such as cybercrime, fraud, and hacking. The group is known for its advanced tactics, the technique of bribing key insider employees, and for using the communication platform Telegram, which have allowed them to carry out successful attacks on high-profile targets.
Be Aware and Prepare
The threats posed by hacker groups are growing more severe and sophisticated. These groups are known to be highly skilled and well-funded, and to use advanced tactics. They can cause serious damage and pose a significant threat to organizations and individuals. It is important for organizations to be aware of the myriad risks and take appropriate measures to protect themselves. By staying informed and taking proactive and comprehensive steps to secure IT infrastructures, networks, data, applications, and endpoints, organizations can better defend against cyber threats. Additionally, organizations should be prepared to recover in a timely manner should an attack be successful. Organizations should also have a comprehensive program in place to remain vigilant in monitoring for suspicious internal and external activities, and be prepared to respond quickly in the event of a breach.
Sun Tzu’s Timeless Advice
By focusing on specific hacker groups in subsequent posts, we can begin to understand the motivations behind these operations, the methodologies each group uses, the specter of business impact to communities at large, and ways to defend against attacks through a comprehensive security approach. The key to success in defending against cyber threats is to be proactive and have an encompassing security program in place. By staying informed, taking appropriate measures to secure networks and data, and preparing for and responding to incidents, organizations can minimize their risk of becoming the victim of a cyber attack. By following Sun Tzu’s timeless advice to “know your enemy,” organizations can better understand hacker groups – and thus better defend against them.