How Nation States Are Using A Sixteenth Century Ruse To Commit Cyberattacks

Findings from Netskope reveal that nearly two-thirds of attributable malware used in attacks over the past year is linked to state-backed groups.

The report is based on 12 months of data collected from customer environments. The largest share of malware attacks came from North Korean groups, followed by China and Russia.

The findings highlight the growing digital threat from state-backed groups: North Korean actors focus mainly on profit, while China and Russia target high-value victims such as critical infrastructure providers for disruption and cyber-espionage. The report also mentions that state-affiliated actors are outsourcing operations to cybercriminals, further complicating attribution.

Netskope's CEO, Sanjay Beri, emphasized the importance of understanding who is targeting you, what their goals are, and how they're trying to achieve them in order to put in place the best cyber defense strategy. The report also notes that attribution can be challenging because adversaries try to hide their true identities or launch false-flag operations.

Overall, the article underscores the escalating cyber attacks carried out by nation state actors and the need for businesses and individuals to be aware of these threats and take appropriate measures to protect themselves. https://www.infosecurity-magazine.com/news/twothirds-attributable-malware/ (Oct. 17, 2024).

Commentary
 

The source above mentions that nation states are using "false flag operations". A false flag operation is an act committed with the intent of disguising the actual source of responsibility and pinning the blame on another party.

The term originated in the 16th century and was initially used to describe a ruse in naval warfare where a vessel flew the flag of a neutral or enemy country to hide its true identity. This tactic was used by pirates and privateers to deceive other ships into allowing them to move closer before attacking.

In modern contexts, false flag operations extend to include actions carried out by countries or groups that make the attacks appear to be by enemy nations or terrorists. This gives the nation that was supposedly attacked a pretext for domestic repression or foreign military aggression. These operations are often calculated to generate sympathy for the attacked group and can be used to justify various actions.

In the cyber context, a false flag operation may try to disguise an attack as coming from a cyber gang when, in reality, it is a nation state seeking to steal information or disrupt operations. 

Organizations can take several steps to prevent cyber false flag operations, including:

  • Implement Advanced Threat Detection Systems: Utilize sophisticated cybersecurity tools that can detect anomalies and unusual patterns in network traffic. These systems can help identify potential false flag operations by recognizing when an attack does not match the typical behavior of known threat actors.
  • Conduct Regular Security Audits: Regularly review and update security protocols to ensure they are robust against the latest threats. This includes auditing network logs, access controls, and incident response plans to identify and mitigate vulnerabilities.
  • Enhance Attribution Capabilities: Invest in technologies and expertise that improve the ability to accurately attribute cyber-attacks. This includes leveraging threat intelligence, forensic analysis, and collaboration with other organizations and government agencies to share information about emerging threats.
  • Educate Employees: Provide ongoing training to employees about the tactics used in cyber attacks, including false flag operations. Educated employees are more likely to recognize and report suspicious activities, which can help prevent successful attacks.
  • Develop Incident Response Plans: Create and regularly update incident response plans that include specific procedures for dealing with suspected false flag operations. This ensures that the organization can respond quickly and effectively to minimize damage and identify the true source of the attack.
  • Collaborate with External Partners: Work with industry peers, cybersecurity experts, and government agencies to share information about threats and best practices. Collaboration can enhance the overall security posture and provide early warnings about potential false flag operations.

The final takeaway is that by implementing these measures, organizations can better protect themselves against the sophisticated tactics used in cyber false flag operations and ensure a more secure digital environment.
