The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is no longer the case. In today's landscape, there are groups that act like state-sponsored groups, although their modus operandi (MO) is consistent with crimeware groups. This poses new challenges to defending organizations as these groups become more prevalent and dangerous, which, depending on the organization's risk profile, may require more attention.
In light of recent events, we believe it's time to recognize that a new category can be defined, one where the ransomware syndicates enjoy some kind of protection from governments, even if not intentionally. Therefore, Talos proposes the term "privateers" to describe actors who benefit either from government decisions to turn a blind eye toward their activities or from more material support, but where the government doesn't necessarily exert direct control over their actions. This in itself does not diminish the responsibility these governments share with these groups by protecting them or simply allowing them to operate by turning a blind eye.
It's easy to split state-related actors into two main categories: those that have been directly associated with state structures, like the U.S.'s National Security Agency, APT28, APT29, APT1, and those that, in spite of not being directly associated with a specific state, are commonly agreed in the infosec community to benefit from decisions that the state makes to support them.
The first kind of groups' (tier one) motivations, u ..