The Nation State Actor has a ‘Licence to Hack’. They work for a government to disrupt or compromise target governments, organisations or individuals to gain access to valuable data or intelligence, and can create incidents that have international significance.
They might be part of a semi-hidden ‘cyber army’ or ‘hackers for hire’ for companies that are aligned to the aims of a government or dictatorship. The Nation State Actor knows exactly what they’re getting into, and knows full well that the mayhem they’re spreading overseas is tacitly supported by their state.


They can work without fear of legal retribution – they will be highly unlikely to be arrested in their home country for what they’re doing. The Nation State Actor often has close links to the military, intelligence or state control apparatus of their country, and a high degree of technical expertise.
Alternatively, Nation State Actor recruits may be picked for specific language, social media or cultural skills to engage in espionage, propaganda or disinformation campaigns. The Nation State Actor will have the resources and capabilities of their government behind them, and take instruction from other government employees or members of the armed forces.
Nation State Actors also influence other Suspects, introducing new insights, tactics and attacks that are copied by others.


The Nation State Actor is motivated by nationalism, and tasked with gaining secrets from or disrupting other nations via cyber means. This isn’t a task for the Getaway or the Activist – although both can easily end up being recruited, duped or coerced into acting on behalf of a nation state.
Nation-State Actors operate covertly and almost never acknowledge ownership of their actions, unlike our other Suspects, for whom claiming credit can be part of the reward for their labours. Nation-State Actors will go extreme lengths to cover their tracks, and to make it as difficult as possible for cyber security experts to trace their campaigns back to their country of origin – often planting ‘false flags’ to mislead attribution efforts.

Modus Operandi

The Nation State Actor is a specialist with a remit for specific tasks. They’ll be tasked with stealing industrial secrets, disrupting critical national infrastructure, listening in on policy discussions, taking down companies that offend its leaders in some way, or conducting propaganda or disinformation campaigns within and outside of their country’s borders. 
The Nation State Actor will use social engineering to target vulnerable or high-profile individuals with carefully crafted spear phishing emails. Alternatively, they may ‘poison the well’ by compromising strategic websites, using them to serve malicious software to their visitors – and snaring their victim in doing so. 
The Nation State Actor may also ‘soften up’ their target through further social engineering such as creating spoof profiles on social networks, or by first compromising the target organisation’s supply chain.
The significant resources at the disposal of the Nation State Actor can be directed toward complex attacks against specific hardware, such as the Stuxnet malware directed at Iran’s nuclear manufacturing facilities at Natanz. It may also involve actions against specific governments, as shown by the activities of the Sofacy and Operation Cleaver groups, or against target organisations; 2014’s attack on Sony Pictures led to the US Government imposing further sanctions on North Korea, for example.
Alternatively, as an extension of the state’s security apparatus, the Nation State Actor may be tasked with tracking, disrupting and persecuting dissidents or activists. Other groups of Nation State Actors specialise in propaganda and disinformation in cyber space, forming armies of trolls that fight back against unfavourable, controlled or biased media sources to attempt to raise their employer’s reputation.

Are Industry Bodies Exposing Your Business to Cyber Attack?

Think tanks and industry bodies have been the target of cyber attack for some time. They are attractive because of the level of trust they have with participants from business and government organisations and the indirect access that gives to attackers.
James Hatch, our Director of Cyber Services at BAE Systems Digital Intelligence, explains how BAE Systems has identified and countered threats to industry bodies and simple, non-technical remedies that can be applied to organisations dealing with them.
Are industry bodies exposing your business?

Get in touch to speak with one of our experts,

or download The Unusual Suspects Overview to find out more:

The Unusual Suspects Overview Cyber Security Services
12 Default Profile Image
Head of External Communications
Media Team
Digital Intelligence