R46974 — Cybersecurity: Selected Cyberattacks, 20122025

Many Members of Congress have raised concerns over the frequency, types, and impacts of cyber incidents during hearings, speeches, and in legislation. Cyber incidents affect nearly every national entity, from federal and state government agencies to private companies and individuals. One course of action to stymie attacks has been to investigate the adversaries that conduct cyberattacks, what types of activities they conduct online, and how the U.S. government can identify them. To assist with Congress’s understanding of cyberattacks, this report describes attribution in cyberspace, confidence of attribution, and common types of cyberattack. Listed in this report are two categories of cyberattacks by foreign adversaries against entities in the United States: cyberattack campaigns that the federal government has attributed to actors operating on behalf of nation-states, and cyberattacks the government has attributed to criminal actors seeking personal gain. In investigating cyber incidents, the U.S. government attempts to unmask those behind the incident and attribute it as an attack. Attributing cyberattacks is difficult, but not impossible. Officials seek to develop a comprehensive understanding of the cyber incident not just from the victim, but also by corroborating that information with other government and private-sector evidence to make a claim of attribution. While a process exists to repeatedly and consistently develop a claim of attribution and a confidence level in it, adversaries take steps to complicate these efforts by obfuscating and removing any trace of their activity, and using new infrastructure to make it difficult to track attack campaigns. Nation-states are some of the most sophisticated actors that conduct cyberattacks. The Director of National Intelligence is required to provide Congress an annual assessment from the intelligence community on worldwide threats. Recent assessments have highlighted cyberspace as an area of strategic concern, with the People’s Republic of China, the Russian Federation, the Democratic People’s Republic of Korea (North Korea), and the Islamic Republic of Iran as the leading threat actors. Attacks from these countries include spying on government agencies by accessing agency computers, stealing sensitive information from public and private-sector entities in the United States, stealing intellectual property, and destroying or potentially destroying computer equipment. Nation-states may also direct private entities or criminal groups to carry out attacks to meet the goals of the country. Cyber criminals are less resourced than nation-state actors and are less likely to employ novel and cutting-edge techniques in campaigns, yet their attacks are often highly effective. Most criminals are financially motivated and use cyberspace as a medium for conducting profit-bearing schemes. However, gaining money is not a requirement for illicit activity. Cyberattacks against victims in the United States from actors located abroad include compromising computers to create and maintain botnets, business email compromise schemes, hack and release campaigns, and ransomware attacks.

Curated by CRS — every bill listed in this report's relatedMaterials. Edge type cited_in_report, gold confidence.

No bill citations on file.