Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business, said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true.

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matter who committed the malware attack?  Your company has come to a screeching halt.  Now you have a devastating financial loss that may have been prevented.    

The US Department of Defense (DoD), Cyber Policy division, recently stated, "The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber-crime perpetrated by the same malicious actors."  This statement was provided during a hearing on 14 May 2021 before the US House of Representatives, Armed Services Committee.

The DoD policy division explained that the Russian security services are commonly known to leverage the activities of cyber criminals and often shield them from prosecution for crimes committed for personal benefit.  Many believe this is exactly what happened with the recent Colonial Pipeline cyber-attack (Darkside group).  "We have also seen some states allow their government hackers to moonlight as cyber criminals.  This is not how responsible states behave in cyberspace, nor can responsible states condone shielding of this criminal behavior."

For US authorities, knowing who is responsible for malicious cyber behavior is important because it determines how to respond and whom to target.  When non-state actors are engaging in financially motivated crimes, it is the US Federal Bureau of Investigation (FBI) and the US Department of Justice (DOJ) who are responsible for pursuing those cyber criminals.  "The challenge I think that we have is that when those attacks first come across the network and impact us, when we see that malicious activity, it's always a challenge of attribution to be able to pull it apart and figure out who are the state actors and who are the non-state actors, [and] which elements of government would then be tasked with the lead to disrupt that activity varies based on location and whether or not they are criminal or not," a DoD representative explained.

While the FBI and DOJ handle criminal activities inside the US, it is the role of US Military Cyber Command (Cybercom) to focus on cyber threats against the homeland from adversary nation-states.  State-sponsored hackers are the focus of Cybercom and the National Security Agency (NSA).  One area where the role of Cybercom proved important was in the 2020 national election.  The security of the 2020 election was ensured through the Election Security Group, which is a combined effort of Cybercom and NSA.[3]  "We built on lessons from earlier operations and honed partnerships with the FBI, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), sharing information with those who needed it as fast as possible.  To protect the 2020 elections," Cybercom said, "Cybercom conducted more than two dozen operations to get ahead of foreign threats before they were able to interfere with or influence elections.  I'm proud of the work the command and the election security group performed as part of a broader government effort to deliver a safe, secure, 2020 election," a Cybercom chief boasted.

With the recent hack of the Colonial Pipeline Company by ransomware actors, many believe the Russian government had knowledge of the attack.  However, some researchers think that the Darkside actor(s) possibly angered nation-state hacking groups, who are now turning their backs on Darkside and attempting to disband them in retaliation for drawing such an international spotlight on the criminal ransomware industry.  Darkside created a serious wound that will not heal easily. 

Ask truck and car drivers living in the southeastern US states if they care why the attack happened or who committed it.  Even after the pseudo-identification of the criminals was exposed, people could not get gas, and many STILL cannot get gas.  They don’t really care who committed the attack, yet they are mad and now want retribution.  Darkside screwed up big time.

A good cyber security posture is a necessity and, if employed properly, will drastically reduce your vulnerability to cyber threats.  Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has been helping companies since 2013 with proactive approaches to cyber security.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings



[1] https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

[2] https://portswigger.net/daily-swig/beyond-lazarus-north-korean-cyber-threat-groups-become-top-tier-reckless-adversaries

[3] https://www.defense.gov/Explore/News/Article/Article/2618386/in-cyber-differentiating-between-state-actors-criminals-is-a-blur/
