The National Counterintelligence and Security Center recently described Russia, Iran and China as “the most capable and active” among the foreign entities that pose a cyber intelligence threat to the United States.
The NCSC said in a report entitled “Foreign Economic Espionage in Cyberspace” that the three countries, using state agencies or third-party hackers, target U.S. companies and organizations in the information technology, defense, energy, finance and other sectors to obtain intellectual property and sensitive data to advance their own national economic and security objectives.
The NCSC predicted that these countries “will almost certainly continue to deploy significant resources and a wide array of tactics” in pursuit of their strategic targets.
Elsewhere in the report, the NCSC pointed out the risk posed by software supply chain attacks, where hackers, possibly acting on behalf of adversarial governments, infiltrate an application’s distribution mechanism and push out compromised copies with the aim of stealing end-user data.
The NCSC said that cyber actors are “clearly targeting software supply chains to achieve a range of potential effects,” adding that such a tactic “has already threatened the critical infrastructure sector and could threaten other sectors as well.”