Why might a nation-state target a particular business, and which industries, in particular, should be alert?
The Nation-State Actor is motivated by nationalism and tasked with gathering intelligence from or disrupting other nations via cyber means, or extracting money from systems and people. This type of warfare has proven itself a low-cost, high-payoff way to defend national sovereignty and project national power.
The most common targets include the technology industry (Google, Intel, RSA’s SecurID authentication), financial services or influential businesses (Operation Aurora), the media, and other critical infrastructure, such as government or military offices or gas and electricity companies.
Overall, targets are likely to be organisations that own sensitive intellectual property, control significant finance, or are otherwise important to the running or economy of the target country. A local bakery is unlikely to be a target, whereas a chemical processing company with proprietary compounds is far more likely to attract the attention of nation-states.
There are exceptions, though, such as when the target is a specific piece of technology (as in the case of WhatsApp), where a huge amount of research and exploitation effort went into the compromise.
But once a Nation-State attacker is inside the target network, they tend to break out the 0days. At this point, they will have greater situational awareness of an organisation and more chances to ensure they’re not detected. So, utilising a collection of 0day exploits is both more likely to help them achieve their goal and less likely to have the exploit caught and rendered useless, or “burned.”