Same Old Tricks, New Era
The operational model often employed for human intelligence gathering will be familiar to readers of espionage novels. In this traditional espionage model, a sponsor organization or "paymaster" working on their behalf provides a threat actor in the form of an intelligence officer, together with requirements for the information they wish to be collected. The intelligence officer then develops operational intelligence to support the identification and recruitment of a vulnerable individual who is likely to have, or be in a position to facilitate, access to the required information. Since it may be dangerous for the intelligence officer to physically meet with the individual (or agent), they will employ a "dead drop". This is a physical location through which the intelligence officer can pass requirements to the agent, and through which in turn the agent will pass the collected information. Once the agent is established, they may then go on to recruit other agents.
The model employed by Determined Adversaries in conducting Targeted Attacks has striking similarities to this approach. The sponsor and the threat actor roles, albeit with a different skill set, are a constant. However, the target is now a vulnerable computer system against which the attacker will employ operational intelligence to achieve compromise. Once the system is compromised, the attacker then employs a "dead drop" in the form of a command-and-control server through which information can be exchanged while protecting the identity of the attacker.
In the traditional espionage scenario, there is significant risk to both the sponsor and the threat actors of being identified. However, the same model implemented by Targeted Attacks is significantly more attractive as there is less risk of the actors being identified, detained and their activities made public.