by Brad D. Williams
Since Fifth Domain launched in January, we have brought you stories covering nation-states, associated state proxies and the cyber tactics, techniques and procedures (TTPs) they employ. Much of our coverage has focused on the U.S.’s major cyber adversaries, which include Russia, China, Iran and North Korea.
In January, we analyzed the similarities and differences between the cyberattacks on the Ukraine power grid in December 2016 and December 2015. The threat actor or actors behind those incidents are not currently known, but cybersecurity experts suspect it could be Russia or a Russian state cyber proxy, such as Sandworm. Sandworm is known to have developed variants of BlackEnergy, the malware used in both Ukraine grid attacks. Sandworm’s involvement in developing the malware does not prove it was involved in the cyberattacks. In fact, Iranian state actors were recently detected using BlackEnergy to attack U.S. defense contractors.
In February, we covered the emergence of Shamoon 2, a cyber proxy with ambiguous ties to Iran. That article highlighted striking similarities in the TTPs used by Shamoon 2 and the original Shamoon attacks, which occurred in 2012. The article also explained how Iran began formulating a national cyber strategy in response to the 2010 Stuxnet cyberattack on its nuclear enrichment program.