Advanced persistent threats and the “big four”: State-sponsored hackers in China, Iran, Russia, and North Korea in 2003–2021

Abstract

The author investigates a range of international hacking groups collectively known as advanced persistent threats (APTs), which have conducted a concentrated number of cyber operations from four authoritarian states – China, Iran, Russia, and North Korea. The author collected data on 112 APTs that operated in 2003-2021 across the globe and analyzed their behavior and state affiliations to conclude that APTs’ ties to the “big four” can be explained by the strategic goals of authoritarian states to supplement their military and economic power. The ties have also much to do with states possessing sufficient political capital at home to challenge existing norms of cyberspace behavior. Moreover, the big four boast a high degree of digital expertise and heavy investment into the superiority of cyber offense over defense. The author provides empirical support for the findings in a comparative case study of Chinese and Iranian cyber forces.