top of page

Threat Actors to Look Out For - State Actors

Based upon typical news coverage related to cybersecurity, there appears to be a general assumption that the culprits behind data breaches are predominantly criminals. While criminal organizations may be responsible for most breaches, the threat landscape includes a variety of players having diverse objectives. For any organization wishing to assess potential risks of a data breach, it is important to understand the reasons why they may be targeted by human hackers.

What are state actors?

State actors work for a government to undermine or compromise targets' governments, organizations or people in order to get important information or intelligence. Practically every nation state in the world has an intelligence apparatus that strategically collects intelligence for both defensive and offensive purposes.

What motivates state actors?


While the U.S. intelligence community does not typically collect information on commercial companies overseas, many foreign intelligence services do target U.S. corporations. They are trying to steal technology by acquiring intellectual property. Advancements in technology typically require years of research at significant development costs. If the state actor can effectively steal such technology, they can save considerable time and money while propelling their respective industries to better compete with U.S. companies. China is the most notorious for this.

Customer or personnel data

Another area of focus by some state actors in conducting data breaches is gaining access to a target entity’s customer or personnel data. Just as large companies such as Meta and Google build databases on consumers to be used for marketing purposes, some state actors appear to be gathering detailed data on U.S. citizens for potential exploitation in future intelligence operations. The 2014 and 2015 breaches of the Office of Personnel Management (OPM) as well as the 2017 breach of Equifax, both conducted by the Chinese, are clear examples of this. Imagine how useful this information could be in their targeting of specific individuals having security clearances and entrusted with our nation’s secrets?

Critical infrastructure

Many state actors will also attempt to breach the security of organizations which are part of our nation’s critical infrastructure such as energy and water utilities, financial networks, food distribution, transportation modes and information and communication technology. Probes are conducted to detect vulnerabilities which can later be exploited in the event of a potential geopolitical conflict leading to cyberwarfare. The fact that no “visible” breach has been detected, lulls many organizations into a false sense of complacency believing that they are adequately protected from such threats.

Few people realize that some state actors are involved in ransomware and business email compromise (BEC) attacks. For countries such as North Korea, financial extortion is a means of generating badly needed hard currency reserves.

State actors vs. criminal groups

It is important to highlight that the actions taken by some state actors are not mutually exclusive to criminal groups. In fact, state actors may sometimes use criminal groups to undertake a cyber-attack. In addition to leveraging the criminal group’s extended network, it will provide a means of non-attribution back to the state actor.

In the case of Russia, there is a clear understanding between the intelligence services and criminal groups regarding what is considered “fair game.” The government provides a safe haven to many criminal groups as long as they do not conduct attacks against entities of interest to the Russian state. In the rare case that this is violated, the Russian government has taken swift action to eliminate or severely punish the criminal group.

How to protect yourself against threat actors

Understanding the various threat actors and their objectives must be the first step in developing a proactive security awareness training program which will help minimize successful data breach attempts. Failure in doing so, will leave entities with more costly reactive measures after a devastating breach has taken place. Finally, you should always verify, then trust to keep you and your information safe.


About the Counterintelligence Institute

Founded by former CIA senior intelligence officer Peter Warmka, the Counterintelligence Institute’s mission is to assist your corporations, government offices, academic institutions and non-profit organizations in protecting your sensitive information and personal data records against security breach attempts. Our online and onsite training services focus on transforming the human factor from being the weakest link in security to becoming the most effective defensive tool against security threats against your company and personal life.


Recent Posts

See All


bottom of page