With the sad evolution of the Ukraine-Russia conflict, one might think that battles have remained the same over the centuries. Tanks, missiles, guns and casualties. Although this would be bad news per se, the actual situation is far worse due to the irruption of the cyberworld.
For some years now, Advanced Persistent Threats (APTs) have been a particular cyberthreat that is typically targeted at high-profile victims – ambassadors, CEOs, politicians, etc. Indeed, a vast array of the population may hold something valuable to attackers, such as intellectual property, money or even contacts through which to continue the infection chain. One may see oneself as irrelevant, but as we are all connected, each of us is a link in a chain.
Several countries are well-known for their APT activity. For example, Russian APT29 compromised SolarWinds, a worldwide cybersecurity tool. North Korean Lazarus stole a substantial amount of money from banks using a sophisticated infection vector. Chinese Pandas are also remarkable for their effectiveness (e.g., Mustang Panda group), and a number of other countries (India, Iran, etc.) are increasing their activity. Several portals offer a list of known APT groups, such as Thailand’s ETDA threat actor encyclopedia.
Even the Ukrainian conflict mentioned above has witnessed the influence of APTs, with Belarus-based groups performing targeted attacks. Interestingly, the combination of APTs with fake news is challenging, as together they address both users and machines. Overall confidence and trust can be undermined, and this may destabilize society in general. This wouldn’t be the first time APTs have had an impact on the real world – BlackEnergy caused power outages in Crimea, resulting in thousands of casualties due to the absence of heating.
As a natural consequence of all these facts, APTs have received extensive research attention in recent years, and they are a hot topic in the Defence community. It is important to raise awareness of this threat. For the interested reader, an online course focused on cybersecurity for beginners is being taught by Universidad Carlos III de Madrid. Complementarily, the ASSETS+ Project has prepared a number of modules on cybersecurity, with emphasis on the Defence sector.
The Defence sector is particularly concerned about this threat, so present and future professionals should keep up to date on this matter. This is the only way in which we may prevent APTs from succeeding. ENISA, as the reference forum of cybersecurity in the European Union, is an excellent source of information in this regard.
The moment is now; tomorrow will be too late. They are smart, powerful and numerous, so invest some time in training and upskilling to become a human firewall.
Prof. Dr. José María de Fuentes
Universidad Carlos III de Madrid. ASSETS+ partner