The Cyber Privateers
A new kind of threat actor is currently on the rise, one that sits somewhere between state-sponsored hacker groups such as North Korea’s Lazarus or Russia’s Fancy Bear on the one hand and, on the other, the financially motivated hackers and hacker groups that mainly strive to profit from their illegal activities.
The security researchers at Cisco Talos Intelligence dub this new type of cybercriminal “privateers” and report that such threat actors mainly use Ransomware to achieve their goals. What is specific about this type of hacker is that, while they are not financially supported by their governments, they still receive government protection while, at the same time, seeking to make a profit for themselves.
According to a recent post by Cisco Talos Intelligence, the protection that these hackers and hacker groups receive isn’t official; in most cases it takes the form of a lack of repercussions for the criminal actions they perform. Supposedly, the reason some governments refuse to take action against such hacker groups is the indirect benefit of not being targeted by them. In addition, the indirectly supported hacker groups often target governments opposed to the one that is providing the protection.
In practice, even though the so-called privateer hackers do not directly receive support or directions from their governments, they most often end up acting to the benefit of that same government while also pursuing their own financial goals at the same time.
Types of Hacking Groups
The privateer hackers are categorized as the third tier of cybercriminals.
The first tier comprises threat actors who are known to be financially sponsored by their governments and to be getting their orders from said governments.
The second tier consists of hackers and hacker organizations that are thought to be operating in favour of nation states without being financially sponsored by them.
Then comes the privateer category of hackers: as already mentioned, these are threat actors that are not sponsored by their governments and are motivated by personal financial gain, but still receive some indirect governmental protection in the form of not facing any legal repercussions for their actions.
The Rise of the Privateers
One important example of a privateer hacker group is the infamous Russia-based cybercriminal organization known as DarkSide, which uses Ransomware to attack its victims. This organization is mainly known for its recent attack on Colonial Pipeline in the US, which greatly disrupted the supply of oil and gas on the East Coast. Colonial Pipeline was eventually forced to pay a ransom of $5 million to the hackers in order to restore its operations.
According to Cisco Talos, while DarkSide is not directly sponsored by the Russian government, the hackers from this group appear to check the keyboard input of their potential victims and, if anyone is using the Cyrillic alphabet, they do not attack them.
Lockbit is another big privateer hacker group that uses Ransomware; this one, too, avoids targeting any users from Russia or from countries allied with Russia, which in turn gains it some indirect protection from the Russian government.
The researchers mention that such groups are starting to grow in numbers and are expected to change the cybercrime landscape in the upcoming years.
Distinguishing Traits of Privateer Hacking Groups
The main criterion that distinguishes privateers from other hacking groups is the indirect state protection and the hackers’ overall refusal to target users from the state that protects them.
Beyond that, Cisco Talos lists several other distinct characteristics of the privateer type of threat actor.
Another common trait of privateer hacking groups is that the countries they are affiliated with usually do not extradite criminals to other countries and also do not cooperate with foreign intelligence services or legal authorities.
Additionally, most privateers focus their efforts on attacking “big” targets such as companies, businesses, and even governments and governmental organizations, while rarely targeting individual users. The DarkSide hacking group is a prime example of this: in addition to Colonial Pipeline, the group has also targeted Toshiba.
According to the researchers at Cisco Talos, this new type of cybercriminal has the potential to bring about serious social disturbances, something that became clear after the recent Colonial Pipeline attack. Such hacking groups are also quite sophisticated, with many segments and affiliates, which could make it quite difficult to bring them down.