It'd be useful if someone at State could inform CISA of the meaning of the term "nation-state", unless CISA is very subtly trying to signal which particular countries these attacks are coming from, since nation-states are a small subset of all countries.
Nation-state has a few different uses, the most common of which seems to be exactly what is correctly used here, the principal sovereign subjects of international law under the Westphalian system (these are typically known in international law as simply “states” but outside of documents of a clearly international-law character, that is easily conflated with other meanings of “state”, especially in places like the US where that term is typically used for subordinate entities.)
Weird pedants want to insist that the only proper use of the term is for states in the international law sense which are coextensive with nations in the sociological sense, which was somewhat normalized as an ideal, particularly in Europe, compared to the status quo ante by the Westphalian system, which both somewhat aligned states with nations and resulted in states working to reshape national identity around their own citizenry. But this sense is a pure unrealized ideal: there is essentially nothing which is actually a nation-state in this sense, though it's a common aspiration, with nations without states seeking to form states and states without nations seeking to build national identities, and nations that roughly correspond to states, or vice versa, trying to round out the edges (sometimes via building more inclusive national identities, sometimes via ethnic cleansing) — but it's only ever at best approximate and always in flux.
Whatever else is going on with terms like "nation-state", there's some creepy politics behind the notion that countries are generally nations. I'm fine with the idea that "nation-states" don't generally exist. The word "state" in "state-level actor" is unambiguous.
Honestly, with or without “nation-”, “state-level actor” is a useless phrase, because (other than juridically), “state” isn't a level of an actor (particularly, it isn’t a capability level.)
If you mean a “major regional power”-level actor, or a “global superpower”-level actor, then say that, but a category that includes both the United States of America and Tuvalu isn't communicating a coherent capability level in any domain.
Google can probably outspend the Israeli government, but the Israeli government has capabilities Google will never acquire because Google's control over its employees is limited (mainly to contract law). Google cannot sentence an employee to decades in prison for betraying Google's secrets.
So for example, it turns out that 1 or 2 of the employees of the Manhattan Project betrayed the project by giving nuclear secrets to the Soviet Union, but at least the US government had a realistic chance of keeping secrets there whereas a private corporation embarking on a project of similar scale (i.e., a similar number of employees with similar levels of knowledge and skill) has no realistic hope of doing so.
I think this argument is relevant to computer security because having an exploit is almost completely useless if the entity you hope to use the exploit against knows you have the exploit.
Global superpower gets the dynamics exactly backwards. Another hobbyhorse of mine: Belize could be a major player in these kinds of threats if they wanted to be. At the scale of sovereign states, none of this is real money.
Nobody wants to be hacked by a random kid from their parent’s basement. It’s kind of embarrassing. It’s nicer to just say that we are being attacked by a nation state. “It’s understandable, nobody could resist such force!”
It's just a heavy metal umlaut for someone who could have written "state-level" or "country". Like forcing the word "geopolitical". I would not get too worked up about it.
Why would it be useful? Doesn't seem like it would change anything about the tactics, techniques, or procedures they're recommending. I suspect that most potentially vulnerable organizations don't care who the intruder is at all, let alone between a nation-state vs. a more heterogeneous country.
Uhh, I think you mean legal criminal organizations. Which, you believe, should be illegal.
I mean, maybe you meant illegal, in the sense that they are not always in clear legal status (e.g., NSA doing illegal things), but I think for the reader "legal criminal organizations" makes more sense to the point.
Another way to write it maybe would be "sanctioned criminal organizations" but that would be confusing with the secondary meaning of sanctioned. Oh language :(
CVE-2022-47966 is a Zoho vulnerability, while the other is a FortiGate one; both are RCEs.
Both have had public PoCs published at least early this year. There's a bunch more publicly known RCEs that are still unpatched and used by some tens of thousands of machines, according to Shodan.
Can we just eliminate bad actor nation states like China and Israel from the Internet? Filter all packets coming from or going to there, have the backbone spyware sever proxy connections, etc? One year the first time, forever with repeat offenders.