A Guide to Cyber Warfare: Who is Attacking Us, How & Why?

Introduction

In today’s environment of global conflict, traditional battlegrounds have expanded beyond land, sea, and air to include cyberspace as another domain: strikes with physical consequences are now conducted via the keyboard. The battlefield is now email inboxes, smart fridges, power grids, water supplies and even the integrity of a country’s elections.

But who exactly is behind the keyboard? What weapons do they have? How are they launching these attacks? The answers to these questions are not just for IT professionals; they matter to everyone.

Cyber literacy empowers us to protect ourselves, families, organizations, and our nations.

This guide explores the cyber threats posed by diverse actors, emphasizing the need for cybersecurity strategies that enforce effective governance, risk management, and compliance.

Who’s Behind the Keyboard?

Understanding the adversary is a foundational principle in cybersecurity. As Sun Tzu noted in "The Art of War", "If you know the enemy and yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle".

Cyber warfare is not fought by one type of enemy; it is a whole ecosystem of threat actors, each with their own motives and methods.

Here is the lineup:

  1. Countries: Yes, sovereign nations are major players in cyber warfare. They possess the funds, tools, and resources to conduct sophisticated attacks or espionage operations. Sometimes, they even outsource these operations to third parties, including organized crime, to achieve their strategic objectives. Their aim? To destabilize confidence, gain competitive advantages, or gather classified information that could impact national security or economic well-being.
  2. Organizations (Formal & Informal): These groups leverage cyberspace to undermine confidence in other entities, whether for competitive gain or to achieve specific agendas. Think corporate espionage gone digital.
  3. Criminal Organizations: Driven by profit, these groups use cyberspace to make money, often buying and selling illicit goods and services in secondary cyber markets. They might even operate on behalf of their home countries, who, in turn, tolerate their activities. This “Crime-as-a-Service” model is a growing concern, making it easier for stolen information to be monetized.
  4. Individuals and Small Groups: These attackers illegally disrupt systems or gain unauthorized access to networks. Their motivations can be political, using cyberspace to spread messages or achieve a specific agenda through legally ambiguous means (hello, hacktivists!). They often cooperate—or are forced to cooperate—with larger criminal organizations or even countries.
  5. Employees and Insiders: Perhaps the most underestimated threat, insiders—both current and former employees—can pose the greatest risk. With authorized access to an organization’s systems, they can inflict significant harm, often driven by grievances or lured by external actors. Organized crime and even countries target insiders, using “carrot and stick” methods (rewards or punishments) to influence their actions.
  6. Professional Criminals: These are the elite of the cyber underworld. Highly trained and equipped with state-of-the-art tools, they can penetrate even the best-protected systems.

Cyber warfare is a complex and uncertain risk environment. Threats, vulnerabilities, and consequences have continuously evolved. The cost of entry into cyber warfare is lower than traditional warfare, with malicious code readily available. Attackers can operate remotely and with great speed once a target's networks are understood.

The Hacker Spectrum

Within the broader “hacker” umbrella, you will also find various sub-types in skill and intent:

  • Script Kiddies: Unskilled individuals who use pre-made scripts to attack systems. They lack deep understanding but can still cause disruption, often seeking to impress peers.
  • White Hat Hackers: The good guys – ethical hackers who, with permission, test systems to find vulnerabilities and improve security.
  • Black Hat Hackers: The villains – they break into systems to destroy, modify, steal data, or render networks unusable for personal gain.
  • Grey Hat Hackers: Occupying the ethical grey area, they might find and publicize system defects without malicious intent, but their methods can cross legal or ethical lines.
  • Green Hat Hackers: Aspiring hackers who are learning and trying to become full-blown experts, unlike script kiddies who have no desire to learn.
  • Blue Hat Hackers: Essentially vengeful script kiddies, they attack those who have annoyed them, driven by revenge rather than a desire to learn.
  • Hacktivists: A blend of hackers and activism, they use technology to advance political or social agendas through legally ambiguous means, often defacing websites or leaking sensitive data. They use social media to amplify their message.
  • Information Warriors: Highly trained, these actors use state-of-the-art tools to target well-protected systems, often motivated by patriotism or religion, operating in the shadows to achieve their goals.

How They Strike

  • Botnets: A collection of compromised computers infected with malware that allows an attacker to control them remotely. Computers in a botnet, called nodes or zombies, are often ordinary computers sitting on desktops in homes and offices around the world. Many of these computers are infected without their owners’ knowledge and stay hidden until they are instructed to carry out a task. Such tasks may include coordinating large-scale distributed denial-of-service (DDoS) attacks.
  • Malware: This is a broad category encompassing all types of malicious software. Malware can damage systems, affect operations, and steal personal information. Types include:
    • Viruses: Need a host program or human action to spread.
    • Worms: Self-replicating and able to spread across networks without human interaction.
    • Trojans: Disguised as legitimate software, they unleash malicious actions that are hard to detect.
    • Ransomware: This nasty type of malware encrypts your data and demands a ransom for its release. Some attackers even engage in “double extortion,” stealing data before encrypting it, making backups useless against data exposure.
  • Zero-Day Vulnerabilities: These are software flaws unknown to the vendor, giving attackers a critical advantage until a patch is released. If exploited before a fix, these vulnerabilities can affect countless systems.
  • Phishing and Its Cousins: This classic deceptive tactic involves tricking users into revealing sensitive information.
    • Phishing: Uses spoofed emails or websites to obtain user information like passwords and access data. They exploit visual resemblances between characters to create fake URLs that even careful users might miss (homographic phishing).
    • Spear-phishing: A more targeted approach, focusing on specific groups with tailored, convincing emails. They often have insider information to make their emails seem legitimate.
    • Smishing and Vishing: These are phishing attacks conducted via SMS (smishing) or voice calls (vishing), often leading to malicious software downloads on smartphones. With the rise of mobile banking, these are becoming increasingly lucrative for criminals.
  • Tainted Leaks and Disinformation Campaigns: This is the amplified power of information warfare.
    • Misinformation is false information spread unintentionally.
    • Disinformation is a deliberate, intentional lie, strategically disseminated to mislead. Disinformation campaigns follow steps like strategic objective setting, brainstorming, collecting both true and false information, and hacking systems to gather authentic data for a more convincing lie. The goal is to manipulate, distort, or falsify evidence to make an enemy act against their own interests.
    • Fabrication involves creating false information and presenting it as true.
    • Manipulation uses technically true information presented out of context to create a false implication.
  • DDoS Attacks (Denial of Service): These attacks overwhelm a target system with traffic, making it unavailable to legitimate users. Think of it as a digital traffic jam designed to bring a website or service to a grinding halt. Switzerland and Thailand have both experienced paralyzing DDoS attacks against government and commercial entities.
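
The homographic phishing technique described above (look-alike characters in a URL) can be checked for mechanically. The following is an added example, not code from the original article: a defensive check that a mail gateway or awareness tool could run over links before a user clicks. The confusables table is a small hand-constructed subset of Unicode's UTS #39 data, not the full list, and the sample message is constructed for the demonstration.

```python
"""Homograph-URL check: flag hostnames built from look-alike characters."""
import re
import unicodedata
from urllib.parse import urlsplit

# Hand-constructed subset of the Unicode UTS #39 confusables data
# (look-alike character -> the ASCII letter it imitates). Not the full table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u04cf": "l",                                                # Cyrillic palochka
    "\u03bf": "o", "\u03b1": "a",                                 # Greek
    "\u0131": "i", "\u0237": "j",                                 # dotless Latin
}

def script_of(ch):
    """Rough script classification taken from the Unicode character name."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def hostname_of(url):
    """Hostname of the URL with any punycode (xn--) labels decoded."""
    host = urlsplit(url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or malformed punycode: keep as-is

def analyse_url(url):
    """Return homograph indicators for one URL (checked per DNS label)."""
    host = hostname_of(url)
    mixed = [lab for lab in host.split(".")
             if len({script_of(c) for c in lab if c.isalpha()}) > 1]
    skeleton = "".join(CONFUSABLES.get(c, c) for c in host)
    imitates_ascii = skeleton != host and skeleton.isascii()
    return {"hostname": host, "skeleton": skeleton,
            "mixed_script_labels": mixed, "imitates_ascii": imitates_ascii,
            "suspicious": bool(mixed) or imitates_ascii}

def flag_links(text):
    """Scan message text and return the URLs that look like homograph lures."""
    urls = re.findall(r"""https?://[^\s<>"']+""", text)
    return [u for u in urls if analyse_url(u)["suspicious"]]

# Constructed sample phishing body (not a real message): first link uses
# Cyrillic "р" and "а" in place of Latin "p" and "a".
SAMPLE = ("Your account is locked. Verify at https://\u0440\u0430ypal.com/login "
          "or see the FAQ at https://www.example.com/help")

if __name__ == "__main__":
    for url in flag_links(SAMPLE):
        print("suspicious:", url, analyse_url(url))
```

A whole-script look-alike such as an all-Cyrillic label is caught only through the skeleton comparison, so the quality of the confusables table decides what this check can see.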

Real-World Cyber Warfare

Here are key incidents, showing how attacks hit hard:

  1. SolarWinds Supply Chain Attack: Hackers, likely state-sponsored, compromised SolarWinds’ Orion software, infiltrating U.S. government agencies and companies like Microsoft. The breach exposed sensitive data, disrupted operations, and cost billions to remediate, highlighting supply chain vulnerabilities.
  2. Colonial Pipeline Ransomware: A criminal group, DarkSide, used ransomware to shut down a major U.S. fuel pipeline, causing fuel shortages and panic buying. The attack netted $4.4 million in ransom, showing how cybercrime can paralyze critical infrastructure.
  3. Ukraine Cyber Operations: During Russia’s invasion, Ukraine faced over 4,315 Russian cyberattacks targeting infrastructure, including power grids and communications. A deepfake of President Zelenskyy, created with AI, falsely urged surrender, blending cyber and information warfare to sow confusion.
  4. Tesla Data Breach: Two former employees leaked 100GB of confidential data, including Elon Musk’s Social Security number, exposing 75,735 employees’ personal info. The breach risked a $3.3 billion penalty, proving insiders remain a massive threat.
  5. Chinese Espionage Surge: Chinese cyberattacks spiked 150%, targeting Southeast Asia, Hong Kong, and Taiwan’s government and telecom sectors. Using backdoors and cloud services like Dropbox, hackers evaded detection, stealing sensitive data for strategic advantage.
  6. North Korean Crypto Heist: North Korean hackers stole $1.5 billion in Ethereum from Dubai’s ByBit exchange, exploiting wallet software vulnerabilities. They laundered $160 million in 48 hours, marking the largest crypto heist ever and funding state operations.

These cases show cyber warfare’s reach: from economic disruption to geopolitical sabotage, and no one is immune.

Cracking the Case

Figuring out who is behind a cyberattack is like playing detective with a blindfold. Attackers cover their tracks, and even when agencies know the culprit, they cannot always reveal how without exposing their methods. Here is how they try to solve the puzzle:

  1. Tradecraft: Hackers’ habits, like specific attack patterns, can betray them, though public exposure lets others mimic their style.
  2. Infrastructure: The servers or networks used can point to culprits, but smart attackers switch them up fast.
  3. Malware: Unique code can act like a digital fingerprint, though hackers tweak it to avoid detection.
  4. Intent: Context—like targeting political foes during elections—helps pin down motives and actors.

Analysts combine these clues with human error (hackers slip up!) and collaboration with private firms to build a case. Confidence varies: it is high when the evidence is clear, and low when the tools are commonly available and the evidence is weak.

Proactive Defences and Challenges

Penetration Testing: A recognized method to explore IT system weaknesses by ethical hackers with approved permission. However, the absence of detected problems does not guarantee security; a penetration team’s inability to breach an organization does not mean it is secure. An external test may also miss vulnerabilities easily found by an insider providing information.

Attribution Challenges: Plausible deniability is the position an actor takes when its knowledge of, or responsibility for, an action can be neither proven nor disproven for lack of evidence. Proxies, such as private or non-state actors, are often used by states to achieve objectives with plausible deniability, low cost, and minimal political blowback.

Counterintelligence and Active Defence: These aim to neutralize foreign intelligence and terrorist threats. They rely on intelligence capabilities to gain knowledge about an adversary’s operations, including motive, tools, and sophistication, often through isolated environments that mimic real ones. Offensive countermeasures involve compromising an adversary’s environment to source intelligence.

Organizational Risks: Insiders, outsourcing, and budget cuts can increase vulnerabilities. Employees’ digital actions are traceable, and marketers are particularly easy targets due to their online presence and shared personal information. Vendors, suppliers, and service providers who disclose client relationships on their websites can also be targeted by adversaries seeking information about important clients.

Personal Security: Online privacy demands dedicated effort. Travel security is crucial to protect against device hacks, especially in regions with laws enabling data misappropriation. Users should be cautious of unsolicited messages to reduce breach risks.

What is at Stake?

Cyberattacks disrupt lives and societies. Here are top assets to protect:

  1. Critical Infrastructure: Power grids, hospitals, and water systems are prime targets.
  2. Internet Infrastructure: Data centres and networks are the internet’s backbone.
  3. Elections and Trust: Tainted leaks manipulate voters and erode institutional trust. Mixing real and fake data fuels disinformation.
  4. Financial Losses: Criminals rent out hacked systems, powering a “crime-as-a-service” economy.
  5. Corporate Espionage: Stolen trade secrets give rivals or states an edge.

Closing the Cyber Gates

Sun Tzu’s advice still holds: know your enemy and yourself to win. For individuals, practice cyber hygiene—update software, avoid suspicious links, and lock down devices. Businesses need penetration testing, insider monitoring, and rapid patching to stay ahead.

In cyber warfare, every connected device is a potential soldier on the battlefield, with countries, criminals, and hacktivists duking it out for power, money, or ideology.

IT Minister provides proactive Cyber Security Management. Our goal is to strengthen your defences and improve your security posture. This is achieved with our expert advice and complementary services. We exceed compliance standards, aiming to ensure you achieve the highest level of security maturity.

At IT Minister, we want your experience with us to be smooth from the start. Contact us to get started. We are excited to support you. If you have any questions or concerns, our support team is ready to help.
