How to Defend Against Nation State Attackers: Part Four

[Reader’s Note:] This is the fourth and final installment in a series of blog posts describing a four-step process for using open source threat intelligence (OSINT) to create effective defenses against nation-state attackers. Check out Part One, Part Two or Part Three of the series if you missed them!

Prep work can be hidden but attacks must occur out in the open

The conventional wisdom is the nation-state attacks are like lightning bolts – they come out of the blue, and there’s nothing you can do to stop them.

The first part is often accurate. Protected from scrutiny by their state-sanctioned cloak of privacy, these hackers can plan and develop their attacks behind closed doors without detection. So, the “out of the blue” description holds water.

But developing and launching an attack are two different things, and that’s where the conventional wisdom breaks down. Here’s why.

Organizations targeted by nation-state hackers are invariably legitimate – corporations, non-profits, government agencies, etc. Since these entities operate at Web’s surface, that’s where nation-state hackers need to launch their attacks. They can’t launch an effective attack from those closed environments. To succeed, they need to utilize surface-based weapons that are familiar to the intended victims.

Put another way, it’s hard for these attackers to trick an American or European into clicking on something that looks like it came from China, Russia, or North Korea. But getting those people to click on a phishing site disguised as or, or a fun-looking app in an app store is much easier.

That’s why close monitoring for that weaponization can provide the detection and warning an organization needs to protect itself. This monitoring can be done very effectively with the right tools.

This flies in the face of the idea that “there’s nothing you can do to stop” these types of attacks.

That said, protecting against nation-state attackers isn’t simple or easy. It requires an experienced staff, rigorous approach, the right tools, and sustained efforts. But it can be done successfully.


The nature of these hackers and the complexity of their attacks, cybersecurity teams need to stay on top of all the items referenced in this blog series, including exploitable data in an organization’s digital footprint, the attackers’ motivations, activities on the Dark web, and their weaponization at the surface.

Organizations need not be victims of nation-state cyber-attacks. To protect themselves, the first step is to get past the myth that conventional cybersecurity resources and tools are useless in this battle. Those tools and resources can be used effectively to thwart these attacks.

Using existing security systems and resources, coupled with the right mindset and focused efforts, organizations can entirely avoid nation-state lightning strikes.

To learn more about how to protect your organization from state-sponsored hackers, download our free whitepaper!

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.