Threats per country

Hunt & Hackett continuously monitors the activity of Advanced Persistent Threats (APTs). Although the background and exact motivation are unique to each actor, most actors can be linked to a limited set of countries. When zooming out to the country level, typical patterns and motivations per country become visible. Threats come and go, from global threats like ransomware to more targeted sector-specific threats. The more you know about the threats that are actually relevant to your specific sector and organization, the better, easier and more cost-efficient your cybersecurity strategy will be.

Global threat landscape

What are we currently facing?


[Dashboard panels: Advanced Persistent Threats (APTs); Tactics, Techniques & Procedures (TTPs); Attack tools; APT activity & motivation over time]



Threats per country

Actors and their motivations

Russian Federation

The Russian Federation's cyber activity can be subdivided into that of state-sponsored APTs and Organized Crime Groups (OCGs). Its state-sponsored units are highly advanced, mature and professionally integrated into its main intelligence services. In addition, it houses a wide range of proxies and OCGs and cleverly uses such groups for capability development and talent recruitment. The OCGs are primarily concerned with financial gain, and ransomware in particular. Russian OCGs dominate the ransomware business, with the vast majority operating from Russian soil.


China

China has invested significant resources in developing its offensive cyber capabilities. It now possesses an extremely large pool of cyber units which are tasked with advancing the state's interests through cyberspace. As a result, China is by far the most active nation in using its offensive cyber capabilities to advance its strategic agenda.

North Korea

What characterizes North Korea in cyberspace is that it showcases how possessing offensive cyber capabilities can be a very attractive way of countering conventional military strength, whilst keeping costs and risks relatively low. What is certainly unique to North Korea is that it actively uses its cyber capabilities to steal money to fund its nuclear and ballistic missile programs.


Iran

What characterizes Iran's cyber capabilities is that, although they are less sophisticated than those of some of the other most active offensive nations, Iran is still able to inflict damage upon its adversaries. For this purpose, Iran maintains a unique ecosystem of proxies, including state-sponsored units, universities and contractors, to conduct its offensive cyber operations.

United States

Globally, the US is unmatched when it comes to its cyber capabilities. Furthermore, it has the most developed big-tech and cybersecurity industry, giving it both a strong defense market and a strong intelligence position. Together with the support of advanced capital markets and other stakeholders such as the academic sector, investments in high-tech advancements are higher than in any other nation. In summary, the US can be considered the world's innovation engine when it comes to offensive and defensive cyber capabilities.


Israel

Israel can be considered one of the world's leading cyber powers. It was one of the first countries to acknowledge the importance of cyber in modern-day conflict. It has also faced innumerable cyber-attacks since then. Its offensive activities in cyberspace can be characterized by quality over volume. A limited number of highly targeted and sophisticated operations are attributed to Israel. These operations are in line with its political and security interests. Furthermore, Israel has developed a unique ecosystem of public-private cooperation that led to the creation of a vibrant cybersecurity tech industry. This has created fertile ground for further capability development.

To defend against your specific threat landscape, it is equally important to gain critical insights into the current resilience level of your organization. To understand your own position, it is useful to let (third-party) security specialists assess your defenses and simulate meaningful attacks. When done right, such an approach provides critical insights into the resilience level of the organization against its threat landscape. Hunt & Hackett uses its proprietary threat modelling-based approach with its clients in various sectors to provide meaningful insights as well as tailored solutions for the strategic, tactical, and operational aspects of their cybersecurity program.

Our approach

Controlling your cybersecurity risks

In their fight against cyber-attacks, our customers typically go through several stages of maturity. By ramping up their prevention, detection, and incident readiness over time – and optimizing this for their actual threat landscape – they reach a point where they have developed solid resilience against targeted attacks, with only highly controlled and accepted risks remaining.

There is no simple 'fix' to become resilient against the sophisticated cyber threats of today. Without serious resources or processes for systematic security activities, protection against modern cyber threats like ransomware is just a wish. Hunt & Hackett has developed a unique threat- and sector-driven approach to cybersecurity, enabling you to work from your current situation to a highly improved and controlled situation, optimized for your specific threat landscape and context as an organization.

Our services

Optimized for your specific sector

Because we use your actual threat landscape and your sector as our starting points, our services are optimized for your specific context and needs.

Managed Detection & Response (MDR)

We detect & react to attacker activity in your environment, minimizing the impact on your business.

Security Program Gap Assessment (SPGA)

We assess your current security program, threat landscape, security controls and risk.

Threat Hunting (TH)

We proactively hunt for evidence about unknown threats to improve your security posture.

Breach & Attack Simulation (BAS)

We validate your security choices by simulating attacks.

Incident Response (IR)

We help you manage a cyber crisis and contain security incidents, breaches and cyber threats.
