Nation-States: They're Just Like Us. Emulating Common Tactics, Techniques, and Procedures

When attacking private organizations, nation-states often employ a variety of methodologies to gain initial access to networks, access files, exfiltrate information, and perform post-compromise tasks. These methodologies often are thought of as sophisticated, bespoke threat vectors requiring vast resources to perform. When defending against these capabilities, private organizations often think of themselves as unable to accurately model the threat or believe they are too small of a fish to be concerned. In many high-profile instances, this was, in fact, not the case. Small organizations, with their limited resources, are also targets of nation-states as they can provide access to information resources of larger organizations.By observing and analyzing tactics, techniques, and procedures (TTPs) utilized by these attackers, organizations can implement defensive measures to mitigate the threat posed by these actors and improve an organization's information security level. Many of the tools and methodologies used by nation-states are not unique to those organizations but still follow along the same lines of a commercial penetration test or a cyberattack by a non-governmental entity.