Home » international news » Cyber War: a guide to state-sponsored digital assaults

Cyber War: a guide to state-sponsored digital assaults

Aleesha Matharu | Updated on: 13 February 2017, 4:16 IST

Not a month goes by without reports of a new cyber attack.

But while it's no secret either that countries across the world are beefing up both their offensive and defensive cyber security capabilities - what often doesn't get documented is how many of the major security breaches around the world are, in fact, the work of governments.

Well, not directly.

State-sponsored hacker groups have the ability to worm into media networks, major corporations, defence departments and - yes - other governments and wreak havoc.

There's even a sense of glamour now attached to the word hacker - popularised by groups like Anonymous, TV shows like Mr Robot and books such as Stieg Larsson's Millennium trilogy.

This overview is based on known attacks: there will, obviously, be others that governments have kept secret.

Sadly, attribution is also tricky in several cases as most attacks that occur in the cyber sphere are anonymous. The international media and security agencies can only be left guessing in such cases.

Here's the breakdown on the world's hacking superpowers.

North Korea

North Korean leader Kim Jong-un retains tight control over the country's internet infrastructure; therefore all attacks originating from the country are almost certainly state-sponsored.

Countless resources have been poured into developing a sophisticated cyber warfare unit called Bureau 121.

Founded in the 1980s, Bureau 121 has grown exponentially to become one of the world's largest cyber organisations.

It's based in Pyongyang, but also reportedly works out of the basement of a North Korean hotel and restaurant in Shenyang, China. The unit is estimated to have recruited nearly 6,000 programmers.

A 2014 investigative report by Hewlett Packard identified Bureau 121 as being able to deliver multi-staged, coordinated attacks that could spread malware and disable or evade antivirus protections.

The bureau specialises in sophisticated distributed denial of service (DDoS), encryption obfuscation, spear phishing, watering holes, and zero day attacks.


This May 2015 Reuters report found that five years ago, US intelligence agents were unable to penetrate North Korean networks. The 2010 attempt to deliver the Stuxnet virus was part of a simultaneous attack on the Iranian and North Korean nuclear programmes.


North Korea has directed the bulk of its cyber attacks at South Korea and the US; focusing on military installations, banks, broadcasting companies, financial institutions, and government DNS servers.

In 2013, North Korea was reportedly behind a widespread attack on three South Korean broadcasters and a major bank. The attack froze thousands of news broadcasters' computers and ATMs across the country were unable to disperse cash.

In March 2015, South Korean authorities blamed North Korea for a massive data breach on Korea Hydro and Nuclear Power - the company that operates South Korea's 23 nuclear reactors.

A 2014 data breach report found that nearly half of all US companies had been hacked. Even so, there is limited evidence however of any North Korean involvement - except for the Sony Pictures case where all the executives' dirty laundry was hung out in public.


Over the past five years, under the leadership of President Hassan Rouhani, funding for cyber security has been hiked from $3.4 million to $19.8 million.

The only official cyber activity recognised by the government is conducted by the Cyber Defense Command, a branch of the military that claims to exist solely to provide defensive security to the country and its infrastructure against cyber threats.

At the attacking end, the bulk of cyber attacks executed by Iran originate from the Iran Cyber Army.

Distributed denial-of-service (DDoS), spear phishing, viruses, and brute force attacks are the most common weapons in an Iranian hacker's toolkit.

Recent research has shown that Iran's cyber warriors control thousands of systems outside the country whose IP addresses are used frequently to launch attacks.

Cloud and hosting services like Amazon and GoDaddy have also been used to create websites that infect visitors with malware designed specifically for surveillance and data exfiltration.


The definition of cyber security for the country changed after the US launched Stuxnet - a mutating computer worm - against them in 2010. It infected the industrial control systems monitoring the centrifuges at the Natanz nuclear facility.

Two stealthy malware programmes, Duqu and Flame, engineered to gather troves of data about Iran's nuclear programme for further sabotage efforts, were subsequently discovered in 2011 and 2012.

Since 2010, Iran's funding for cybersecurity has been increased from $3.4 million to 19.8 million

A cyber attack against Iran's Oil Ministry and several of its affiliates was also launched in April 2012, leaving the hards disk at the ministry's headquarters completely wiped. Although both have denied official involvement, the United States and Israel are believed to have been behind these attacks.


Iran has progressed from basic website defacements in 2010. Now, it uses malware-based espionage aimed at exfiltrating or destroying data.

An attack named "Shamoon" that struck Saudi Arabia in 2012 is thought to be one of the most destructive acts of virtual sabotage ever recorded. Hackers used malicious software to delete the data from 30,000 computers.

In June, Saudi officials blamed Iran for the theft of over half a million confidential Foreign Ministry documents, nearly 70,000 of which have since been posted on Wikileaks' website.

The US has also been a prime target for Iran's cyber warriors. During 'Operation Ababil' in September 2012, an Iranian cyber group deployed one of the most massive DDoS attacks ever launched against several major US financial institutions online, leading to severe slowdowns in traffic for some victims and complete website inaccessibility for others.

A month prior Iranian hackers, attempting to disrupt the websites of oil companies in the Middle East, conducted a four-day DDoS campaign against the servers of AT&T.


China is one of the world's leading cyber powers. But that just also makes it the world's default suspect for damaging hacks.

Media reports suggest that China may directly employ as many as 30,000 cyber spies with the People's Liberation Army. It also believed that there are an additional 150,000 private sector computer experts who augment this force.

China's principal method of attack is via brute force, or overwhelming numbers of small, low quality, and persistent information breaches. As an example, the University of Wisconsin, one of dozens of universities targeted for their intellectual property, asserted in 2013 that its networks encountered nearly 100,000 attempted breaches per day from China alone.

The country also hires groups like the Hidden Lynx - among the world's leading hacker groups - who can create customised Trojans and advanced watering holes to infiltrate targets.


China is famous for watching its own folks and has devoted significant resources toward weeding out information about political dissidents and human rights activists.


Between 2009 and 2012, China allegedly hacked Google, RSA Security, and other companies to obtain source code and other sensitive data.

In 2014, China breached several databases belonging to the US Office of Personnel management. The hackers stole a lot of sensitive data, including Social Security numbers of around 21 million people interviewed for government background checks.

China, being one of the world's leading cyber powers, is also a default suspect for most hacks

In line with their security objective, China's hackers have also launched attacks against leading defense contractors like Lockheed Martin, Northrop Grumman, and L-3 Communications, with the goal of securing information on cutting-edge weapons systems.

China's cyber warriors have launched numerous retaliatory attacks against leading media organisations, including The New York Times, The Wall Street Journal and The Washington Post following the publication of stories critical of the Chinese government.

The US

Information about US hacking activities is hard to track. The ultimate objective, of course, is national security. The NSA, CIA and United States Cyber Command are the three main organisations that work towards this cause.

A cyber army envisioned by NSA director Keith General Alexander is finally taking the form of a Cyber National Mission Force with roughly 6,000 military personnel.

The force, which will be distributed across 133 teams, is on track to be fully functional by 2016.

It will focus on three areas: providing support to combatant commanders across the globe, defense of the DoD information network, and protection of the nation's critical infrastructure and key resources.

The US' ultimate objective when it comes to the cyber space is, of course, national security

Because CIA operations are clandestine, there isn't a broad body of knowledge available to the public that demonstrates how the agency operates in the cyber domain.

But most recently, it was learned that the CIA was allegedly involved in Operation Olympic Games, a cyber campaign directed at denying Iran nuclear weapons capability.


China, Russia, and Iran have gained notoriety for striking US commercial and financial entities in recent years.

For the recent Sony Pictures attack, all roads seem to lead to North Korea. As written earlier, various banks, universities, companies and databases have been attacked by a wide variety of hackers across the world.


Pretty much the whole, world, as the NSA documents leaked by Edward Snowden revealed. The documents describe a vast hacking operation aimed at subverting the internet's infrastructure.

In 2007, the US launched the Stuxnet worm against Iran to sabotage that country's nuclear programme. Stuxnet succeeded in briefly setting back the Iranian nuclear programme. The attack set a precedent for cyber warfare, wherein countries launch digital assaults to resolve political disputes.

cyber security
First published: 7 September 2015, 10:37 IST
Aleesha Matharu @almatharu

Born in Bihar, raised in Delhi and schooled in Dehradun, Aleesha writes on a range of subjects and worked at The Indian Express before joining Catch as a sub-editor. When not at work you can find her glued to the TV, trying to clear a backlog of shows, or reading her Kindle. Raised on a diet of rock 'n' roll, she's hit occasionally by wanderlust. After an eight-year stint at Welham Girls' School, Delhi University turned out to be an exercise in youthful rebellion before she finally trudged her way to J-school and got the best all-round student award. Now she takes each day as it comes, but isn't an eternal optimist.