
The Beginner’s Guide to Cyber Espionage

One of the most tangible and growing global threats we face today is cyber espionage. It may sound like some exotic activity from the movies, but cyber espionage is affecting the economic and political relationships between nations and, ultimately, transforming the shape of modern warfare. The risks are real, so continue reading to see the big picture.

What is cyber espionage?

Cyber espionage is an advanced form of cyber attack in which spies break into computer systems and networks to gather sensitive governmental or corporate information for economic, political or military gain. It is considered both a threat and a motive in the cyber security playbook.

By definition, cyber espionage refers to the use of computer networks to gain illicit access to confidential information held by government agencies, academic institutions and other big corporations.

The majority of cyber espionage operations include social engineering techniques like spear-phishing campaigns, advanced persistent threats (APTs), exploitation of vulnerabilities within operating systems, and drive-by downloads. Did you know that 20% of data breaches that happened between January 2019 and April 2020 were motivated by cyber espionage?

How does cyber espionage differ from cyber warfare?

The term ‘cyber warfare’ refers to digital attacks on a state’s infrastructure. Cyber warfare is initiated against government and military networks with the intention of disrupting and damaging their systems. It can take numerous forms, but all of them involve the destruction of critical systems, as the ultimate goal is to incapacitate the target country by compromising its core systems.

There are several types of cyber warfare such as sabotage, hacking the electrical power grids, propaganda attacks, etc. Long-term cyber espionage campaigns may result in cyber warfare, but this is not always the case. Some examples of cyber warfare campaigns:

Targets of cyber espionage

Interestingly, not only organisations but also nations are hiring experienced cyber criminals to steal data and even shut down government infrastructures. Cyber espionage typically focuses on driving geopolitics, and on stealing state and trade secrets, intellectual property rights or proprietary information in strategic fields.

Furthermore, it involves actors from diverse areas such as industry and foreign intelligence services. Cyber espionage actors most commonly seek to gain the following information:

  • academic research data
  • military intelligence
  • client or customer lists
  • payment structures
  • strategic plans and marketing tactics
  • political communications
  • research and development data

3 famous cyber espionage affairs

Cyber espionage is nothing new. Our world has already faced big challenges under the name of cyber espionage. We list 3 well-known cyber espionage campaigns below that illustrate the massive capabilities of intruders.

1. Cyber espionage campaign against Montenegro

The campaign appeared during Montenegro’s accession to NATO in 2017. FireEye said that a hacking group associated with Russian intelligence was actively involved in a cyber espionage campaign against government officials. The findings illustrate Russia’s continuous efforts to affect the political process in foreign countries through the use of a hacking group known as APT28 or Fancy Bear.

Spear-phishing emails were used during this campaign. Targets were fooled into believing the email was legitimate. When they clicked on the link, malware was activated that let the hackers enter their computers. Between 2017 and 2019, Montenegro authorities recorded a substantial rise in the number of cyber attacks, mainly hitting state institutions.

2. APT attacks against businesses across Southeast Asia

This cyber espionage campaign targeted government agencies as well as businesses across Southeast Asia. It is believed that the group behind this campaign was Naikon. Kaspersky says that Naikon is one of the most active APTs in Asia, and has been spying on entities since 2010. This malware was detected in the Philippines, Malaysia, Indonesia, Singapore, Nepal, and China.

Naikon’s targets are hit using traditional spear-phishing techniques, with emails delivering attachments built to be of interest to the potential victim. The Naikon group has not been seen targeting consumers. However, practically speaking, this malware can easily target users running Windows and using email. Check Point found that Naikon has strong ties to the Chinese military and that it persistently attacked ministries of foreign affairs, science and technology, and government-owned companies.

3. Slingshot campaign in the Middle East and Africa

Kaspersky Lab researchers have detected an advanced threat utilised for cyber espionage in the Middle East and Africa. The malware, called ‘Slingshot’, attacked and infected victims via compromised routers. What made this campaign well-known was the fact that the techniques used during it were unique. The methods the hackers used were highly effective at information gathering whilst hiding the malware’s traffic.

It was uncovered that the group behind Slingshot compromised the routers and placed a malicious dynamic link library inside them. According to the analysis, this campaign collected screenshots, network data, passwords, desktop activity, and more. The campaign remained active for nearly 6 years (from 2012 till 2018), which allowed the spread of highly sophisticated malware.

Final thoughts about cyber espionage

Cyber espionage is a serious threat. With the advancement in technology, perpetrators do not need physical weapons to execute a devastating attack. We live in a world full of geopolitical tensions where acts of cyber warfare between nations are becoming more commonplace. This situation allows a hostile actor to gain illicit access to confidential information on an industrial scale. The harsh truth is that if you are a front-runner in your sector, chances are someone will try to steal your data.

Our mission at Swiss Cyber Institute is to lead cyber security public awareness and workforce development efforts to solidify the protection against global cyber threats. Unfortunately, every organisation is susceptible to malware, ransomware, hacking and social engineering. We not only raise the awareness of cyber security but also give you the opportunity to strengthen your cyber security skills and competence across all levels. Keep an eye on our weekly blog posts and keep your company’s data safe from cybercriminals.