Cyber attacks leave hints to nation-state origins
Posted by: Timothy Weaver on 10/03/2013 03:49 PM
According to new research by net security firm FireEye, nation-state driven cyber attacks often take on a distinct national or regional flavor that can uncloak their origins.
Forensic “reverse-hacking” techniques, skillfully blended with deep knowledge of others’ cultures and strategic aims, can uncover the perpetrators of computer viruses, worms, and denial of service attacks.
Senior global threat analyst at threat protection biz FireEye, Kenneth Geers, explained: “Cyber shots are fired in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks. Since attacks are localized and idiosyncratic—understanding the geopolitics of each region can aid in cyber defense.”
Professor Thomas Wingfield of the Marshall Centre, a joint US-German defence studies institute, said, “A cyber attack, viewed outside of its geopolitical context, allows very little legal maneuvering room for the defending state.”
According to FireEye, the key characteristics for some of the main regions of the world include:
• Asia-Pacific: home to large, bureaucratic hacker groups, such as the “Comment Crew”, which pursue targets in high-frequency, brute-force attacks.
• Russia/Eastern Europe: More technically advanced cyber attacks that are often highly effective at evading detection.
• Middle East: Cybercriminals in the region often use creativity, deception, and social engineering to trick users into compromising their own computers.
• United States: origin of the most complex, targeted, and rigorously engineered cyber attack campaigns to date, such as the Stuxnet worm. Attackers favor a drone-like approach to malware delivery.
FireEye's report, titled World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks, can be found here (PDF).