Espionage

What is Espionage?

Merriam-Webster defines espionage as “the practice of spying or using spies to obtain information about the plans and activities, especially for a foreign government or competing company.”

Espionage in cybersecurity refers to a form of cyberattack where hackers steal classified, sensitive data or intellectual property to gain an advantage over a competitor or another government entity.

Espionage involves collecting intelligence by obtaining information that is not publicly available using human sources and technical means.


Key Takeaways

  • Cyber espionage is a form of cyberattack that involves the theft of classified or sensitive data or intellectual property
  • Espionage targets both government entities and other businesses, mostly competitors
  • Individual hackers and organized crime groups leverage cyber warfare for economic, political, or military gain
  • Espionage attacks target critical infrastructure, such as government systems, financial services, and utility resources
  • Cyber espionage is predominantly global, with 34 nation-states running well-funded hacking groups
  • Espionage threat actors use tools like malware, social engineering, phishing, and watering hole attacks

Espionage Cyber Actors

Individual hackers and organized crime groups leverage cyber warfare for economic, political, or military gain. These cybercriminals are deliberately recruited and highly valued because they possess the advanced skills needed to gain unauthorized access to government infrastructure and other critical systems, such as financial services and utility resources.

Espionage actors also include state-based hacking teams of skilled computer programmers, engineers, and scientists, organized into units within intelligence and military agencies.

Nation-states provide tremendous financial backing and advanced technology resources to empower cyber espionage threat actors.

How Espionage Attacks Work

Highly skilled hackers operating as advanced persistent threats (APTs) enter systems and networks stealthily. Espionage attackers strive to remain undetected for as long as possible while they steal confidential information and install malware on target networks. APTs are groups with both the capability and the intent to target a specific organization persistently and effectively.

Threat actors use the following tactics to carry out cyber espionage:

  • Malware Distribution – an example of a malicious program used in cyber espionage is a piece of software known as Flame, which targeted government computer systems to collect information and turn on the webcams and microphones of infected devices.
  • Social Engineering – an attacker tricks an employee or government officer into divulging information or performing another action.
  • Spear Phishing – hackers have used spear phishing, which involves sending emails with infected attachments or links designed to dupe the target into opening the attachments or clicking the links. Night Dragon, a state-directed cyber espionage campaign, leveraged a combination of social engineering tactics and malware to gain unauthorized access to global energy companies in several countries.
  • Watering Hole Attacks – in this attack, a cybercriminal monitors and determines the websites most frequented by members of a target organization and infects those sites with malware to gain access to the victims’ networks. An example of a watering hole attack involved modifying the “Thought of the Day” widget on the Forbes website targeting everyday site users, particularly employees in finance and defense sectors.
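The spear-phishing tactic above relies on two lures that a mail gateway or analyst can check for mechanically: an attachment whose extension can execute code, and a link whose visible text shows one domain while the href points at another. The following triage script is an added example, not code from the original page; it builds a constructed lure message (the addresses, hostnames and filename are made up) and reports both indicators using only the Python standard library.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that commonly carry executable content in phishing lures (assumed list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".lnk", ".iso"}

# Anchor text that looks like a URL or bare domain, e.g. "https://intranet.example.com/x".
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def href_host(url):
    """Lowercase hostname of an href, or None if it has none."""
    return (urlparse(url).hostname or "").lower() or None


def displayed_host(text):
    """Hostname the anchor text claims to point at, or None if it is not URL-like."""
    if not URL_LIKE.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return href_host(text)


def triage_message(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and "." in filename:
            ext = "." + filename.rsplit(".", 1)[-1].lower()
            if ext in RISKY_EXTENSIONS:
                findings.append(f"risky attachment: {filename}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown, actual = displayed_host(text), href_host(href)
                if shown and actual and shown != actual:
                    findings.append(f"link text points to {shown} but href goes to {actual}")
    return findings


def build_sample_lure():
    """Constructed spear-phishing lure: mismatched link plus a double-extension attachment."""
    msg = EmailMessage()
    msg["From"] = "HR Department <hr@example.com>"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "Updated payroll schedule"
    msg.set_content("Please review the attached schedule.")
    msg.add_alternative(
        '<p>See <a href="http://login-portal.example.net/auth">'
        "https://intranet.example.com/payroll</a></p>",
        subtype="html",
    )
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="Q3_Schedule.pdf.exe")
    return msg.as_string()


if __name__ == "__main__":
    for finding in triage_message(build_sample_lure()):
        print(finding)
```

Both checks are heuristics: a mismatched display domain is common in legitimate tracking links, and risky extensions can be hidden inside archives, so treat hits as triage signals for an analyst rather than as a verdict.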

Impacts of Espionage

To most individual citizens, cyber espionage may not seem to influence their lives much. However, the threat imposes high costs on a nation-state. The impact can range from monetary loss to physical infrastructure damage. In some cases, espionage attacks can result in civilian casualties.

Cyber Espionage is Predominantly Global

Headlines about cyber espionage mostly focus on China, Russia, North Korea, Iran, and the United States, either as the attacking state or the victim. The U.K.’s Government Code and Cipher School (GCCS) estimates that more nations (approximately 34) run well-funded cyber espionage actors targeting friends and foes alike.

North Korea has an army of more than 6,000 hackers, using espionage to generate money for the country’s nuclear initiative. APT37 is an example of a threat actor attributed to the nation. The attack targeted other governments, including North Korea, Japan, Vietnam, and the Middle East. Lazarus, a well-known hacking group, led the APT37 attack. The group also hacked Sony Pictures in 2014, netting tens of millions of dollars.

Vietnam operates the OceanLotus cyber-espionage group behind the APT32 and APT-C-00 attacks. The espionage threat actor targets government agencies and companies in Vietnam, Laos, the Philippines, and Cambodia, with an interest in the consumer products, manufacturing, and hospitality industries.

China funds a well-known organized group known as TEMP.Periscope or Leviathan. The espionage threat actor has targeted U.S. companies in the maritime and engineering sectors. APT10 is another Chinese threat actor blamed for campaigns that started as early as 2009. The group targeted multiple industries in several countries, including Japan.

Responding to Espionage Attacks

Businesses and government agencies can follow these tips to deter cyber espionage activities:

  • Respond like a hacker – when responding to espionage activities, you should think like a hacker to catch the criminal faster. Security teams can get into the hacker’s mindset to actively seek out vulnerabilities and understand the tactics attackers use to gain entry.
  • Identify hackers’ techniques – gaining knowledge of the techniques an attacker uses provides an invaluable method to deter cybercrime.
  • Be proactive – you can prevent cyber espionage by taking a proactive approach to security. Organizations can invest in more sophisticated methods to detect and block malicious activities from state actors.
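One concrete form of the proactive detection this section recommends targets the behaviour described under "How Espionage Attacks Work": malware that stays resident for a long time usually checks in with its operator on a fixed schedule, and that regularity stands out against ordinary browsing. The script below is an added example, not code from the original page. It assumes a hypothetical proxy log format of `timestamp src_ip dst_host bytes` and runs over constructed sample lines (the addresses and hostnames are made up), flagging source/destination pairs whose connection intervals are nearly constant.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed proxy log lines (assumed format: timestamp src_ip dst_host bytes).
# 10.0.0.5 contacts updates.example-cdn.net every ~5 minutes; 10.0.0.7 browses irregularly.
SAMPLE_LOG = [
    "2024-05-01T08:00:00Z 10.0.0.5 updates.example-cdn.net 412",
    "2024-05-01T08:00:10Z 10.0.0.7 www.example.com 18233",
    "2024-05-01T08:00:12Z 10.0.0.7 www.example.com 5120",
    "2024-05-01T08:01:30Z 10.0.0.5 www.example.com 9001",
    "2024-05-01T08:03:40Z 10.0.0.7 www.example.com 730",
    "2024-05-01T08:05:02Z 10.0.0.5 updates.example-cdn.net 410",
    "2024-05-01T08:09:58Z 10.0.0.5 updates.example-cdn.net 415",
    "2024-05-01T08:11:05Z 10.0.0.7 www.example.com 2211",
    "2024-05-01T08:11:06Z 10.0.0.7 www.example.com 64000",
    "2024-05-01T08:15:01Z 10.0.0.5 updates.example-cdn.net 409",
    "2024-05-01T08:20:00Z 10.0.0.5 updates.example-cdn.net 413",
    "2024-05-01T08:24:59Z 10.0.0.5 updates.example-cdn.net 411",
    "2024-05-01T08:25:30Z 10.0.0.7 www.example.com 1500",
    "2024-05-01T08:26:00Z 10.0.0.7 www.example.com 300",
    "2024-05-01T08:30:03Z 10.0.0.5 updates.example-cdn.net 414",
]


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_host, bytes)."""
    ts, src, dst, size = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, src, dst, int(size)


def find_beacons(lines, min_events=6, max_jitter=0.1):
    """Return {(src, dst): stats} for pairs whose inter-connection gaps are nearly constant.

    jitter is the coefficient of variation (stddev / mean) of the gaps; a low value
    means the connections recur on a schedule rather than in response to a user.
    """
    by_pair = defaultdict(list)
    for line in lines:
        when, src, dst, _ = parse_line(line)
        by_pair[(src, dst)].append(when)

    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue  # too few events to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            flagged[pair] = {"count": len(times), "period_s": round(avg, 1),
                             "jitter": round(jitter, 3)}
    return flagged


if __name__ == "__main__":
    for (src, dst), stats in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {stats['count']} connections, "
              f"period {stats['period_s']}s, jitter {stats['jitter']}")
```

Legitimate software updaters and monitoring agents also beacon on a schedule, so the useful output is a short list of regular pairs to compare against an allowlist of known services, not an alert on its own; raising `max_jitter` or lowering `min_events` trades more coverage for more of that noise.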