The blurry boundaries between nation-state actors and the cybercrime underground
When it comes to attributing malicious cyber activity, there are two buckets by which actors generally fall in: “financially-motivated” or “nation-state.” The former is ultimately interested in money, while the latter is more concerned with obtaining or exploiting sensitive information to gain an advantage over a government or commercial entity. For the past decade, defenders could generally discern whether attackers fit into each of the previously mentioned buckets by examining tools, infrastructure, techniques and/or processes. Now, as cybercriminal work becomes increasingly lucrative due to the amount of money or information that could be acquired, the border between those buckets is eroding. The lines between nation-state objectives and financially-motivated cybercrime have continued to blur as the relationship between profit and espionage has grown, particularly within the cybercrime underground.
Whether nation-state threat actors were seen “moonlighting” in financially-motivated cybercrime or nation-states co-opted financially-motivated cybercriminals to do their bidding, Intel 471 has seen a slow and steady change in behavior where nation-states are incorporating the cybercrime underground to achieve their goals more than ever before.
Read more on Intel471’s blog.