To stay safe in an increasingly hostile online world, the first step is to understand the kinds of people and groups who are actively attacking others online.
At the top of that ever-growing cybercriminal population are the so-called Advanced Persistent Threat groups, or APT groups in cybersecurity jargon. The following groups are among the best and best known in the world.
The Equation Group
Likely the world's best state-sponsored hacking group, The Equation Group is another name for the US National Security Agency's Tailored Access Operations (TAO) hacking team. The Equation Group was responsible for researching and developing key Windows vulnerabilities that were later lost to another hacking group, the Russian-affiliated Shadow Brokers, who subsequently leaked them in 2017, leading to the major global malware outbreaks known as WannaCry and NotPetya.
Country: United States of America
Primary motivation: Intelligence gathering, advancing US foreign interests
Claim(s) to fame: Stuxnet, Flame malware, EternalBlue SMB exploit
Russia's elite state-sponsored hacking team, also known as Fancy Bear, Tsar Team, APT 28 and more. Fancy Bear is alleged to have been behind the infamous breaches of the Democratic National Committee in the United States, causing significant chaos during the 2016 US Presidential Election. Fancy Bear is best known for its efforts to hack government entities, including the German parliament, the White House and more. They've also targeted journalists and media outlets.
Country: Russian Federation
Primary motivation: Destabilizing the global status quo.
Claim(s) to fame: DNC hack, TV5Monde attack, 2018 Olympic Opening Ceremony attack
The Lazarus Group
Country: North Korea
Primary motivation: Financial gain
Claim(s) to fame: Sony Pictures hack, Bangladesh National Bank Heist, WannaCry ransomware
Also known as Hidden Cobra and The Guardians of Peace, Lazarus is North Korea's elite hacking team. Lazarus's primary goal over the past two years has been to steal or extort funds to help support the North Korean regime.
Lazarus is alleged to have been responsible for several devastating malware attacks against South Korean government, banking and telecommunications targets. They've also been known to hit private sector firms that raise the ire of the North Korean leadership, as Sony Pictures did with the film The Interview. Lazarus has been linked to the theft of $81 million from the Bangladesh National Bank in 2017.
The Comment Crew
While The Equation Group is likely the world's oldest and most advanced hacking group, China's The Comment Crew holds the title as the world's first named Advanced Persistent Threat (APT 1).
While not the most sophisticated global hacking team nor China's most advanced threat team, APT1 is known for its sheer prolific nature, having attacked thousands of organizations around the world and stolen terabytes' worth of confidential information, including personally identifiable data, government secrets and patentable technology.
Primary motivation: Intelligence gathering, intellectual property theft
Claim(s) to fame: RSA, Lockheed Martin, Coca Cola
As a proud Canadian company, we feel Canada's elite state-sponsored hacking team deserves its own APT code name and mention in this list.
Canada's offensive and defensive expertise exists within the Communications Security Establishment or CSE. The world received a brief glimpse of CSE's hacking prowess when covert Canadian programs were outed by Edward Snowden in 2012.
As part of the so-called Five Eyes intelligence sharing group that includes the United Kingdom, the United States, Australia and New Zealand, Canada's hacking team participates in global Internet data collection programs. According to published reports, Canada's hackers have developed tools and techniques for targeting mobile devices and work closely with the NSA on areas of mutual interest.
Primary motivation: Intelligence gathering, anti-terrorism, economic intelligence
Claim(s) to fame: Brazilian Mines and Energy Department hack
David Shipley is the co-founder and CEO of Beauceron Security Inc. He is a certified information security manager (CISM) and an international speaker on cybersecurity and cyber risk. David frequently appears in the media to talk about cybersecurity, technology and society.