We're at Cyberwar: A Global Guide to Nation-State Digital Attacks

In recent years, more than 20 countries have announced their intent to launch or beef up their offensive cyber capabilities. The result is a burgeoning digital arms race that presents a major threat to the security of our data.

Map illustration: Francesco Muzzi

Every month, it seems, a mammoth cyberattack sponsored by a nation-state comes to light. In recent years, more than 20 countries have announced their intent to launch or beef up their offensive cyber capabilities. The result is a burgeoning digital arms race that presents a major threat to the security of our data. Here’s a look at the countries that have garnered the most headlines in the past few years and a comparison of how their cyber-offensive capabilities stack up. Our assessment is, of course, based only on known attacks. And attribution is often tricky. It’s difficult, forensically, to distinguish nation-state attacks from those of independent groups—even more so when China and Russia use state hackers and also pay freelancers when they gain access to useful systems. Amid the intrigue and mystery, one thing is clear—the online world is becoming an increasingly dangerous place.

### United States

2001–2015: Target: the world. Seriously, the NSA’s reach appears to be limitless, according to documents leaked by Edward Snowden, which describe a vast hacking operation aimed at subverting the Internet’s infrastructure. OUTCOME: Global paranoia and a reduction in security for all.

2007: The US launched the Stuxnet worm against Iran to sabotage that country’s nuclear program. OUTCOME: Stuxnet succeeded in briefly setting back the Iranian nuclear program. The attack set a precedent for cyberwarfare, wherein countries launch digital assaults to resolve political disputes.

### China

2009–2011: China allegedly hacked Google, RSA Security, and other companies to obtain source code and other sensitive data. OUTCOME: The hackers who breached RSA Security obtained core data used in the company’s two-factor authentication scheme favored by governments and corporations.

2014: China breached several databases belonging to the US Office of Personnel Management. OUTCOME: The hackers stole sensitive data, including Social Security numbers, relating to more than 21 million people interviewed for government background checks.

### United Kingdom

2009–2013: The UK hacked Google’s and Yahoo’s undersea cables to siphon unencrypted traffic. OUTCOME: According to documents leaked by Snowden, the UK accessed data through taps of undersea cables belonging not just to these companies but to major telecoms too.

2012: The UK’s Government Communications Headquarters hacked Belgacom to monitor all mobile traffic passing through its routers. OUTCOME: Although the hack successfully penetrated the network, the telecom has never been clear about whether the attackers intercepted customer traffic.

### Israel

2014: Israel allegedly hacked Russian security firm Kaspersky Lab to obtain intel on its research about nation-state attacks. It also struck venues in Europe where the UN Security Council met to negotiate Iran’s nuclear program. OUTCOME: The attackers may have obtained intel about Kaspersky’s research.

2012: Israel is suspected of launching the Wiper attack against the Iranian oil ministry and the National Iranian Oil Company. OUTCOME: The malware wiped hard-drive data, then erased system files, causing the machines to crash and preventing them from rebooting. Iran insisted it had data backups.

### North Korea

2014: Sony Pictures Entertainment was paralyzed by an attack. The US attributed the action to North Korea and applied additional economic sanctions against the country and specific officials. OUTCOME: The attackers nabbed gigabytes of internal data and communications, which they later posted online.

2013: Computers in South Korea were struck by a logic bomb that caused data deletion and prevented rebooting. South Korea blamed North Korea for the attack but has never produced solid evidence. OUTCOME: Two broadcast media companies and at least three banks were affected.

### Iran

2012: Iran allegedly launched a virus called Shamoon against oil conglomerate Saudi Aramco’s computers. US officials blame Iran for the attack but have never produced evidence. OUTCOME: Shamoon wiped data from some 30,000 machines and destroyed system files, preventing reboots.

2011–2012: Iran launched a series of denial-of-service attacks on US banks. Though Izz ad-Din al-Qassam Cyber Fighters took responsibility, US officials claimed Iran was retaliating for Stuxnet and UN sanctions. OUTCOME: The attacks consumed resources, but no long-term damage was reported.

### Russia

2014: Russia allegedly hacked the US State Department and the White House. OUTCOME: The attackers had access to unclassified emails for President Obama as well as nonpublic details about his schedule.

2015: Russia reportedly hacked TV5Monde, a French-language broadcaster. A group calling itself the CyberCaliphate took credit, but French officials have pointed the finger at Russia. OUTCOME: The hackers blacked out broadcasting for several hours and posted messages expressing support for ISIS to the TV channel’s social media accounts.