Cyber espionage (cyberespionage) is a form of cyber attack that is carried out against a competitive company or government entity. The goal of cyber espionage, which may also be referred to as cyber spying, is to provide the attacker with information that gives them advantages over competing companies or governments.
As of this writing, cyber espionage is used most often in the media in reference to advanced persistent threats (APTs) launched by one nation-state against another for political gain. When the attacker's motives are financial as well as political, the cyber attack is likely to be characterized as being an example of economic espionage.
Bad actors who engage in cyber espionage typically want to remain undetected for long periods of time. This means that this type of attack is often quite complicated and expensive to carry out.
What is the difference between cyberwarfare and cyber espionage?
The terms cyber espionage and cyberwarfare are similar, but they are not the same. The biggest difference is that the primary goal of a cyberwarfare attack is to disrupt the activities of a nation-state, while the primary goal of a cyberespionage attack is for the attacker to remain hidden for as long as possible in order to gather intelligence.
Even though cyber espionage and cyberwarfare are two distinct concepts, they are often used together. For example, cyber espionage can be used to build intelligence that will help a nation-state prepare for declaring a physical or cyberwar.
What are cyber espionage targets?
Any government or large corporation can be targeted for a cyber espionage attack. Some of the most commonly targeted countries include the United States, South Korea, Japan, Russia, China and the United Kingdom. According to the U.S. Department of Homeland Security, some of the nations that are best prepared to deal with cyber attacks include -- but are not limited to -- Canada, the United States, Brazil and Germany.
What are cyber espionage tactics?
Cyber espionage tactics are varied. They include, but are not limited to:
How can you prevent cyber espionage and protect data?
Although not every company may have to worry about being targeted by nation-state hackers, cyber espionage can still be committed by individuals in rival companies, so it is a good idea to keep security at the top of mind. To protect data and prevent cyber espionage, an organization can:
- Identify the techniques used in cyber espionage attacks. This can give an organization a good baseline in what to protect.
- Monitor systems for unexpected behaviors. Using security monitoring tools can help pick up on or prevent any suspicious activity from occurring.
- Ensure critical infrastructure is protected and updated.
- Enact data policies, including who has access to what information. This will help ensure only those who need access to critical information can gain access.
- Make sure there are no vulnerabilities in a system and that any used third-party software systems are secured and well protected against cyber attacks.
- Create a cybersecurity policy that addresses security procedures and risks.
- Establish an incident response If an attack is detected, an organization should be able to quickly respond to minimize damage.
- Educate employees about security policies, including how to avoid opening suspicious-looking emails with links or document attachments.
- Ensure passwords are changed periodically.
- Monitor what data can be stored on individual mobile devices for organizations that make use of bring your own device (BYOD).
Examples of cyber espionage attacks
In 2020, U.S. organizations and government agencies were targeted by a nation-state attack. A backdoor was discovered in a widely used IT management product from SolarWinds.
FireEye, one of SolarWinds' 300,000 customers, disclosed that the nation-state attack it suffered was the result of a massive supply chain attack on SolarWinds. Access was gained to the intended victims through infected updates to SolarWind's Orion IT monitoring and management software. Up to 18,000 of SolarWinds' customers were left vulnerable, along with various U.S. government agencies. Media outlets have reported that APT29, a Russian state-sponsored hacking group also known as Cozy Bear, was behind the SolarWinds attack.
Cozy Bear attacked the Norwegian Police Security Service in 2017 by attempting to spear phish the emails of nine members in the Ministry of Defense, Ministry of Foreign Affairs and the Labor Party.
Cozy Bear and another group, Fancy Bear made multiple attempts to hack into Dutch ministries and the Ministry of General Affairs that same year. The attack tried to obtain sensitive information concerning government documents.
North Korea has been involved in a number of cyber espionage attacks that have targeted countries such as South Korea, Japan and Vietnam.
North Korea is responsible for a state-sponsored hack of Sony Pictures in 2014. The Sony hack was conducted using malware and used a Server Message Block worm tool. U.S. investigators believe the culprits who carried out this economic espionage took two months to copy critical files and targeted Sony as a trial-run for future political cyber espionage.