The Importance of Identity Management in Preventing APT Cyberattacks

Dark Reading News Desk recently conducted an interview with Adam Meyers, head of counter adversary operations at CrowdStrike, during Black Hat USA 2023. Meyers provided insights into the evolving landscape of cyber threats posed by various advanced persistent threat (APT) groups, specifically focusing on Russia, China, North Korea, and Iran.

Regarding Russia, Meyers noted that while the cybersecurity community was previously focused on APT groups in Russia and their activities in Ukraine, there has been a significant shift in recent times. He highlighted that China has established a massive data-collection effort, taking advantage of the attention on Russia to conduct its own cyber operations without much scrutiny. Meyers also mentioned that China’s motivations revolve around economic growth and influence-building in the Asia-Pacific region.

Moving on to North Korea, Meyers explained that their APT groups are primarily driven by monetary gains. He mentioned the National Economic Development Strategy (NEDS) launched by North Korea, focusing on areas such as energy, mining, agriculture, and heavy machinery. The North Korean APT groups target data related to these sectors to improve their economy and generate revenue through activities like cybercrime, drug trafficking, and human trafficking.

The interview then shifted focus to Iran, where Meyers highlighted the use of fake personas employed by Iranian APT groups to target their enemies, particularly Israel and the United States. However, Meyers clarified that their objective is not solely financial gain but disruption and the collection of sensitive information. These attacks aim to erode trust in political organizations and targeted companies.

When asked about identifying the motivations of APT groups, Meyers explained that it’s not difficult to differentiate between financially motivated attacks and those driven by disruption. If attackers are financially motivated, they will seek to collect payments, whereas those focused on disruption won’t prioritize monetary gains.

In terms of current attack trends, Meyers mentioned that many APT groups are targeting network appliances and devices connected to cloud systems, which generally lack robust endpoint security. Additionally, ransomware groups are increasingly leveraging legitimate credentials to gain unauthorized access and deploy ransomware, potentially crippling organizations.

Looking towards the future, Meyers anticipated that APT groups will continue to evolve the vulnerability landscape. He specifically pointed to China’s focus on intelligence collection and to how vulnerability research must go through the Ministry of State Security. Meyers concluded that the APT space will likely see further advancements and adaptations from threat actors in the coming months.

Overall, Meyers’ insights shed light on the activities and motivations of various APT groups, emphasizing the need for ongoing vigilance and robust cybersecurity measures to counter the evolving threat landscape.
