Nation-state players in Iran, North Korea, Saudi Arabia and Russia are getting new objectives and changing strategies, say experts.
While widely known advanced persistent threat (APT) groups emanating from Russia and China grab most of the spotlight, an array of other nation-state and adjacent threat actors are increasingly launching cyberattacks around the globe. At this year’s Cyberwarcon conference, nearly 20 of the world’s top cybersecurity researchers presented their thoughts on these less visible and complex groups, outlining their latest strategies and developments.
Iran, which is rapidly emerging as one of the most destructive of the nation-state cyberwarfare actors, has a threat group known as APT33, one of the country’s most malicious cyber actors. APT33 has targeted aerospace, defense, and energy organizations. For the most part, the group is regionally focused, targeting Saudi-owned and -operated entities, according to Saher Naumaan, a threat intelligence analyst at BAE Systems Applied Intelligence.
APT33, also called Refined Kitten, Magnallium, Holmium and Alibaba, has been around since 2014 and is best known for its data-wiping malware called Shamoon, which erased at least 30,000 computers belonging to Saudi Aramco in 2012. Since then, APT33 has been implicated in campaigns against industrial players in the Middle East and Europe.
[This article appeared in CSO Online.]