Top 5 Must-Know Threat Actors
February 14th, 2018
Just this past week, news surfaced about Russian hacking group, Fancy Bear, targeting defense contractors’ personal email accounts to steal secrets on some of the most forward-leaning, advanced U.S. technologies.
In 2018 it couldn’t be clearer – the network perimeter has dissolved and nation-state level attackers are more confident than ever, ready to cause unprecedented levels of disruption.
From the Hillary Clinton email scandal to “WannaCry” ransomware, 2017 was marked by devastating attacks aimed at causing discord around the globe. With several groups emerging as the most successful of the year, here are the top five notable groups, including:
1. Lazarus Group
The North Korean Espionage APT group, originally detected in 2009 during a campaign against South Korea, made waves as they managed to initiate several major attacks against the financial industry. From malware in numerous Polish banks, to $60 million stolen and transferred overseas, the group was linked to highly sophisticated attacks and custom-made malware.
2. The Shadow Brokers
Most well known for being the group to successfully hack into one of the elite cyber intelligence units of the NSA, The Shadow Brokers’ ranking was secured back in 2016. Since then, the group has been leaking exploits and tools used by the NSA, which were redesigned to create the “WannaCry” ransomware.
3. Igor Sushchin
Igor Sushchin, a Russian Federal Security Service Officer, is the most unique notable hacker of 2017. As a private actor, not within an APT group, Sushchin has been made responsible for the huge Yahoo hack that compromised at least 500 million accounts in 2014.
4. Stone Panda (APT 10)
Active since 2009, Stone Panda gained attention by heavily attacking many wealthy industries in an espionage campaign dubbed as “Cloud Hopper,” which targeted Managed IT Service Providers, and ultimately their customers. Known for customizing open-source malware and hacking tools, the group secretly accessed systems via Remote Desktop Protocol or Remote access Trojans to select the potential data to be exfiltrated.
5. Fancy Bear (APT 28)
Coming full-circle, Fancy Bear is a state supported hacking group associated with the Russian military intelligence agency, GRU. In 2017, the group actively exploited a newly discovered Microsoft Office vulnerability, targeted hundreds of journalists in a long-term attack, and has been connected to the Hillary Clinton email leaks.
Understanding Today’s Adversary Behavior for a Better Tomorrow
Attackers have begun to change their tactics, expanding to more sophisticated toolkits that are in a league of their own. Given that the current threat landscape is evolving in a way never see before, we must tailor our threat intelligence to the same level of competence.
As the damage from politically motivated, nation-state sponsored attacks increases, organizations must take a critical look at historical trends to prevent attacks, and inform future security operations strategies. To assist in this undertaking, IntSights has compiled an intelligence report that includes:
- Motivators of 2017 cyber attacks
- Most notable hackers of 2017 with detailed reports on attacks and tactics
- 2018 cyber threat actor and motivation predictions
IntSights works with customers to protect against growing global threats by redefining cyber security with the industry’s first and only enterprise threat management platform. For full details, and to create effective defenses against nation-sate attackers predicted and proving to be a threat to our security in 2018, download our report: Most Notable Hackers of 2017.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.