Wednesday, 06 March 2019 08:21

No American APTs mentioned in CrowdStrike's Global Threat Report


US security firm CrowdStrike has issued its annual Global Threat Report about cyber threats and their incidence, but the 75-page document contains no mention of any American state-based malware, otherwise known as APTs or advanced persistent threats.

There are, however, plenty of mentions of APTs from Russia, China, Iran, and North Korea among others.

Of the threats from state-supported actors from these countries, CrowdStrike had this to say:

"Nation-state adversaries were continuously active throughout 2018 — targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers:

"North Korea (aka the Democratic People's Republic of Korea, or DPRK) remained active in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach.

"Iran maintained focus on operations against other Middle Eastern and North African (MENA) countries, particularly regional foes across the Gulf Cooperation Council (GCC). Additionally, it is suspected that Iranian adversaries are developing new mobile malware capabilities to target dissidents and minority ethnic groups.

"As for China, CrowdStrike observed a significant rise in US targeting, likely tied to increased tensions between the two countries.

"Russian adversaries were active across the globe in a variety of intelligence collection and information operations."

Asked about what appears to be a glaring omission, since the NSA, the premier cyber offence organisation in the US, has a much bigger budget and more human resources than practically every other country, CrowdStrike's public relations director Ilina Cashiola told iTWire that the report only covered intrusions, campaigns and targeting seen in CrowdStrike's customer base, as detailed in the methodology section of the report.

"[These are] either where our technology is deployed or where our team has been engaged for security services," she said. "If we haven’t reported on a particular actor, this means that we haven’t encountered them first-hand."

The methodology section of the report says CrowdStrike's "global team of intelligence professionals track 116 adversaries of all types, including nation-state, eCrime and hacktivist actors".

"We are unable to make any inferences about activities or actor motivations — APTs or eCrime — that we haven’t directly observed or analysed," Cashiola added.

iTWire then asked how the report could be considered global since threats from one very prominent country, the US, were not mentioned at all. A response is awaited.

The CrowdStrike report also mentioned other nation-state adversaries which it had tracked but not cited prominently in its report. These were:

"Adversaries linked to Pakistan and India maintained an interest in regional affairs with a rise in activity on the Indian subcontinent, observed in the summer of 2018.

"The Vietnam-based adversary OCEAN BUFFALO appeared to focus on domestic — possibly internal law enforcement — operations; however, CrowdStrike has also identified the possible targeting of Cambodia, as well as activity against the manufacturing and hospitality sectors.

"Recent technical analysis, as well as the reported zero-day use of CVE-2018-8174, suggests the South Korean-based adversary SHADOW CRANE continues to actively develop its toolkit. The target scope of SHADOW CRANE’s campaigns appears to primarily focus on victims in China, Japan, South Korea, Russia, India and the DPRK — particularly those involved in the government, think tanks, media, academia and non-government organisation (NGO) sectors."

CrowdStrike was in the news in 2016 after it was called in to investigate the breach at the Democrat National Committee, but did not allow the FBI a look at the servers, even though there were many requests for access made by the organisation, which was at that time headed by James Comey.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


