Who Are Nation-State Actors and Why Do They Want to Attack You?

Previously nation-state attacks were more akin to conspiracy theories than something businesses had to sink their teeth into.

Foreign government-sponsored attacks existed for national security teams to worry about. Even local governments were unlikely to ever deal with nation-state hackers interfering in their operations.

But that changed in 2020, and now nation-state actors are everyone’s problem.

Download our free ebook, Enterprise Action Plan for a Ransomware Attack

Learn about the changing landscape of cyber risks and get a blueprint to craft a cyber strategy framework for your organisation.

SolarWinds and How Nation-State Attacks Became Everyone’s Problem 

In December 2020, cyber security software giant SolarWinds was the victim of a nation-state attack.

The attack compromised the supply chains of over 18,000 organisations, including the Pentagon and the Department of Homeland Security, with costs likely running into the billions.

Investigations revealed a massive, precisely targeted Russia-sponsored nation-state attack knotted with back doors, fake patches, malicious code, email compromise, phishing and more.

These hackers had been inside the U.S. government and defense agency for months, accessing sensitive information. The same group of hackers were also linked to attacks at other tech companies like Microsoft, Cisco and FireEye.

The attack on SolarWinds was one of the biggest nation-state incidents, but experts agree that it definitely won’t be the last.

State-sponsored or adjacent cyber crime gangs with origins in Russia, Iran, China, North Korea and other countries have upped their espionage tactics to include directly impacting everyday lives. They have been responsible for industrial sabotage, infrastructure interference and a slew of attacks on healthcare systems to access COVID-19 related data.

The Growing Threat of Nation-State Actors

Nation-state actors are sponsored or condoned by foreign governments to disrupt, steal from, or compromise target governments, organisations or individuals. Their goal is to gain access to valuable data or intelligence and create incidents that have a global impact.

Their identities may be hidden, and they may be part of cyber armies or gangs whose principles align with a government or dictatorship. These types of attackers in particular, go to extreme lengths to cover their tracks and make it difficult to trace their campaigns back to their country of origin. Often, they will plant “false flags” to mislead cyber investigators.

Since their actions are condoned or even encouraged by a government, they can work without fear of punishment.

Over the years, nation-state attacks have become more prevalent, such as:


  • The New York Times found that in 2020, 90% of security alerts released by Microsoft warned about nation-state attacks against non-governmental or infrastructure targets.

  • The most common nation-state attack victims are IT organisations, commercial facilities, critical manufacturing, financial services and the defense industrial base.

  • Interpol detected about 907,000 spam messages, 737 malware-related incidents and 48,000 malicious URLs featuring COVID-19 honeypots traced to nation-state hacking groups.

  • Ransomware is the most commonly used tool of nation-state cyber criminals.

  • About 25% of data breaches in the last 12 months have been tied to espionage, and according to Security magazine, 36% of companies in North America reported nation-state threats in 2020.


At its core, a nation-state attack is cyber warfare. Disrupting production, transportation and services have always been part of conventional warfare. But now, criminals can carry out these attacks without leaving their homes and on any business.

Sign up for the Oxford Cyber Security for Business Leaders Programme to deepen your understanding of cyber threats, from nation-state actors to insider threats and learn how to use threat intelligence to prepare your organisation better.

Oxford Cyber Security for Business Leaders Programme is delivered as part of a collaboration with Saïd Business School, University of Oxford and Esme Learning. All personal data collected on this page is primarily subject to the Esme Learning Privacy Policy.


© 2021 Esme Learning Solutions. All Right Reserved.