Wednesday, 06 March 2019 08:21

No American APTs mentioned in CrowdStrike's Global Threat Report

US security firm CrowdStrike has issued its annual Global Threat Report about cyber threats and their incidence, but the 75-page document contains no mention of any American state-based malware, otherwise known as APTs or advanced persistent threats.

There are, however, plenty of mentions of APTs from Russia, China, Iran, and North Korea among others.

Of the threats from state-supported actors from these countries, CrowdStrike had this to say:

"Nation-state adversaries were continuously active throughout 2018 — targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers:

"North Korea (aka the Democratic People's Republic of Korea, or DPRK) remained active in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach.

"Iran maintained focus on operations against other Middle Eastern and North African (MENA) countries, particularly regional foes across the Gulf Cooperation Council (GCC). Additionally, it is suspected that Iranian adversaries are developing new mobile malware capabilities to target dissidents and minority ethnic groups.

"As for China, CrowdStrike observed a significant rise in US targeting, likely tied to increased tensions between the two countries.

"Russian adversaries were active across the globe in a variety of intelligence collection and information operations."

Asked about what appears to be a glaring omission, since the NSA, the premier cyber offence organisation in the US, has a much bigger budget and more human resources than practically every other country, CrowdStrike's public relations director Ilina Cashiola told iTWire that the report only covered intrusions, campaigns and targeting seen in CrowdStrike's customer base, as detailed in the methodology section of the report.

"[These are] either where our technology is deployed or where our team has been engaged for security services," she said. "If we haven’t reported on a particular actor, this means that we haven’t encountered them first-hand."

The methodology section of the report says CrowdStrike's "global team of intelligence professionals track 116 adversaries of all types, including nation-state, eCrime and hacktivist actors".

"We are unable to make any inferences about activities or actor motivations — APTs or eCrime — that we haven’t directly observed or analysed," Cashiola added.

iTWire then asked how the report could be considered global since threats from one very prominent country, the US, were not mentioned at all. A response is awaited.

The CrowdStrike report also mentioned other nation-state adversaries which it had tracked but had not cited prominently. These were:

"Adversaries linked to Pakistan and India maintained an interest in regional affairs with a rise in activity on the Indian subcontinent, observed in the summer of 2018.

"The Vietnam-based adversary OCEAN BUFFALO appeared to focus on domestic — possibly internal law enforcement — operations; however, CrowdStrike has also identified the possible targeting of Cambodia, as well as activity against the manufacturing and hospitality sectors.

"Recent technical analysis, as well as the reported zero-day use of CVE-2018-8174, suggests the South Korean-based adversary SHADOW CRANE continues to actively develop its toolkit. The target scope of SHADOW CRANE’s campaigns appears to primarily focus on victims in China, Japan, South Korea, Russia, India and the DPRK — particularly those involved in the government, think tanks, media, academia and non-government organisation (NGO) sectors."

CrowdStrike was in the news in 2016 after it was called in to investigate the breach at the Democrat National Committee, but did not allow the FBI a look at the servers, even though many requests for access were made by the organisation, which was at that time headed by James Comey.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


