Recent cyber attacks show increased nation state activity, says former NSA Director

San Francisco, 23 March 2021

Cyber attacks launched by nation states are becoming more proficient and more aggressive. This was the message from Admiral (ret.) Michael S. Rogers at the NetDiligence Cyber War Webinar Series.

Speaking at the online event, Admiral Rogers, the former Director of the National Security Agency and Commander of US Cyber Command who is on the board of directors at cyber risk analytics specialist CyberCube, said that the breadth of activity by states including Russia and China had increased following a lull after the impact of 2017’s allegedly Russian ransomware attack, NotPetya. He also stated that the boundaries between nation states and criminal gangs were blurring as some states employed organised cyber criminals to launch attacks on their behalf.

Talking about the recent resurgence of nation state-inspired cyber-attacks, Admiral Rogers said: “We went through a period between about 2011 and 2017, during which nation states increased levels of activity. This includes the NotPetya hits in the summer of 2017, probably the largest global event we've ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.” 

Admiral Rogers said in the following three years, the breadth of activity has changed with the SolarWinds attack in December 2020 and the attack on Microsoft Exchange this month both arguably evidence of increased nation state activity.

Admiral Rogers added: “You're seeing criminal groups share tools, and you're seeing the lines between nation state and criminal group blur a little bit. The Russians in particular, often tend to use criminal groups to engage in state-associated activity. This proliferation of tools is creating a challenging environment.”

Admiral Rogers touched on a variety of topics including cyber war definitions and when a nation state might define an event as criminal activity. Focusing on the impact of COVID-19, he noted that the nature of working from home meant that traditional approaches to cyber security had been rendered partially redundant as infrastructure is shared with family. 

“We're not all sitting behind a central security stack right now. Now we're dispersed,” he explained. “We've blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure’. The bottom line is the attack surface is just proliferated as a result.”

Admiral Rogers was speaking to Darren Thomson, CyberCube’s Head of Cyber Security Strategy. CyberCube is one of the sponsors of NetDiligence’s Cyber War Webinar Series.

The NetDiligence Cyber War and Terrorism Summit runs from 22–25 March 2021.

To watch the video, click here.


About CyberCube

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modelling on thousands of points of technology failure.

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners and backing from ForgePoint Capital, HSCM Bermuda, MTech Capital and individuals from Stone Point Capital. For more information, please visit or email

Contact Yvette

If you're looking for more information on CyberCube or on how to collaborate with us, feel free to get in touch with me directly.

I'd be happy to help!