

What is Espionage?

Merriam-Webster defines espionage as “the practice of spying or using spies to obtain information about the plans and activities, especially for a foreign government or competing company.”

Espionage in cybersecurity refers to a form of cyberattack where hackers steal classified, sensitive data or intellectual property to gain an advantage over a competitor or another government entity.

Espionage involves collecting intelligence by obtaining information that is not publicly available using human sources and technical means.

Key Takeaways

Espionage Cyber Actors

Individual hackers and organized crime groups leverage cyber warfare for economic, political, or military gain. The deliberately recruited and highly-valued cybercriminals possess advanced hacking skills to gain unauthorized access to government infrastructure and other critical systems such as financial services and utility resources.

Espionage actors include state-based hacking teams comprised of skilled computer programmers, engineers, and scientists that form intelligence and military agency clusters.

Nation-states provide tremendous financial backing and advanced technology resources to empower cyber espionage threat actors.

How Espionage Attacks Work

Highly-skilled hackers use advanced persistent threats (APTs) as tools to enter systems and networks stealthily. Espionage attackers strive to remain undetected for long periods as they steal confidential information and install malware on target networks. APTs refer to groups with both the capability and the intent to target a specific organization persistently and effectively.

Threat actors use the following tactics to cause cyber espionage:

Impacts of Espionage

To most individual citizens, cyber espionage may not seem to influence their lives much. However, the threat imposes high costs on a nation-state. The impact can vary from monetary loss to physical infrastructure damage. In some cases, espionage attacks can result in civilian casualties.

Cyber Espionage is Predominantly Global

Headlines about cyber espionage mostly focus on China, Russia, North Korea, Iran, and the United States, either as the attacking state or the attack victim. The U.K.’s Government Code and Cipher School (GCCS) estimates that more nation-states (approximately 34) have well-funded cyber espionage actors targeting friends and foes alike.

North Korea has an army of more than 6,000 hackers conducting espionage to generate money for the country’s nuclear initiative. APT37 is an example of a threat actor attributed to the nation. The attack targeted other governments, including North Korea, Japan, Vietnam, and the Middle East. Lazarus, a well-known hacking group, led the APT37 attack. The group also hacked Sony Pictures in 2014, netting tens of millions of dollars.

Vietnam operates the OceanLotus cyber-espionage group behind the APT32 and APT-C-00 attacks. The espionage threat actor targets government agencies and companies in Vietnam, Laos, the Philippines, and Cambodia, with an interest in the consumer products, manufacturing, and hospitality industries.

China funds a well-known organized group known as TEMP.Periscope or Leviathan. The espionage threat actor has targeted U.S. companies in the maritime and engineering sectors. APT10 is another Chinese threat actor blamed for campaigns that started as early as 2009. The group targeted multiple industries in several countries, including Japan.

Responding to Espionage Attacks

Businesses and government agencies can follow these tips to deter cyber espionage activities:

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiency that plagues today's business environments.