Report: State-Sponsored Hackers Are Getting Better at Hiding Their Identities


Security researchers also warn Iran might be gearing up to target U.S. companies with information warfare.

Digital adversaries are adopting more sophisticated strategies to mask their identities, which could make it harder for the U.S. to attribute cyberattacks to specific groups, according to a recent report.

In recent years, the cybersecurity community has found itself vexed by a handful of attacks that couldn’t be easily pinned on a single group, security researchers at Booz Allen Hamilton said in an annual report on cyber trends.

The uptick in unidentifiable incidents suggests state-sponsored hacking rings have gotten better at tricking researchers into assigning blame to the wrong group, they said, which would undermine the government’s primary cyber deterrence strategy.

Since 2014, the U.S. has relied on a strategy of “naming and shaming” foreign governments for their misdeeds in cyberspace as a way to dissuade attacks. But as bad actors mask themselves by adopting “other groups’ ‘signature’ tools” and exploiting other weaknesses in the attribution process, researchers said the government could lose its ability to identify and punish them.

Beyond improved deception tactics, researchers also expect foreign adversaries to double down on information warfare over the next year, particularly as a means of economic gain.

“States will increasingly use their growing information warfare methods … to generate investor, regulatory, consumer or political backlash against targeted sectors and companies by fabricating or inflaming public relations and legal controversies,” they wrote in the report.

Researchers warned the likely perpetrator of such attacks will be Iran, where U.S. sanctions are suffocating the national economy.

In the report, they said adversaries will increasingly take advantage of vulnerabilities in the internet of things and the growing ecosystem of Bluetooth-enabled devices. They advised agencies and industry to also stay on the lookout for digital intrusions into water utilities, which are often less secure than energy plants, and efforts to spread deepfake videos.