Digital Event Horizon
Researchers have noted an increase in collaboration between hacking groups engaged in nation-state espionage and those seeking financial gains through ransomware and other forms of cybercrime.
The collaboration between hacking groups engaged in espionage on behalf of nation-states and those seeking financial gains through ransomware and other forms of cybercrime is increasing. Tighter purse strings are a key factor in the growing overlap between these two groups. Nation-state-sponsored espionage groups are purchasing malware, credentials, or other resources from illicit forums at a lower cost than developing them in-house. The sharing of malware between cybercrime groups and governments has become increasingly common. State-sponsored malware is also being used by crime groups. The collaboration is becoming increasingly complex, with competing theories about the reasons behind it. Dual Motive groups are emerging that seek both financial gain and access for espionage. The trend highlights the growing threat landscape of nation-state-sponsored cyberattacks and financially motivated cybercrime.
In recent years, there has been a significant increase in the collaboration between hacking groups engaged in espionage on behalf of nation-states and those seeking financial gains through ransomware and other forms of cybercrime. Researchers have noted this trend, citing tighter purse strings as a key factor in the growing overlap between these two groups.
According to Mandiant, a Google-owned security firm, the uptick in collaboration comes as nation-state-sponsored espionage groups seek to blend in with financially motivated cyberattacks. This is achieved by purchasing malware, credentials, or other key resources from illicit forums at a lower cost than developing them in-house. The sharing of malware between cybercrime groups and governments has become increasingly common, with examples including the Russian-state hacking group APT44 using crimeware with names such as DarkCrystalRat, WarZone, and RadThief.
Meanwhile, the use of state-sponsored malware by crime groups has also been observed. In a recent report, researchers at security firm Symantec noted an example in which the RA World ransomware group used a "distinct toolset" that previously had been seen only in espionage operations by a China-linked threat group. The variant of PlugX, a custom backdoor, was found to have similarities with two other variants: Thor PlugX and PlugX type 2.
This collaboration between nation-state espionage groups and financially motivated hackers is becoming increasingly complex. Researchers at Symantec have competing theories about the reason for this collaboration, including the possibility that an actor may have been attempting to make some money on the side using their employer's toolkit.
Mandiant researchers also reported observing what they believe are Dual Motive groups that seek both financial gain and access for espionage. The report noted an increase in the sharing of malware between cybercrime groups and the governments of Russia, China, and Iran. This trend highlights the growing threat from both nation-state-sponsored cyberattacks and financially motivated cybercrime.
In conclusion, the collaboration between nation-state espionage groups and financially motivated hackers is a complex issue that requires close attention from security researchers and policymakers. As this alliance continues to grow, it is essential to understand the motivations behind these collaborations and develop effective strategies to counter them.
Related Information:
https://arstechnica.com/security/2025/02/financially-motivated-hackers-are-helping-their-espionage-counterparts-and-vice-versa/
https://ruberli.com/2025/02/13/financially-motivated-hackers-are-helping-their-espionage-counterparts-and-vice-versa/
Published: Mon Feb 17 22:24:02 2025 by llama3.2 3B Q4_K_M