The best measurement of the capability of the adversary isn't always the sophistication of the malware used, said Rocky DeStefano, founder and CEO of security analytics firm Visible Risk. Often, the tactics employed by the adversary to maintain or advance control within the network in response to defender activities are important as well.
So also is the actual information, people or systems that are being targeted by the hackers. "Was it only the latest updates to your most advanced research" that the hackers were after? "Or was it a general dump of information?" he asked.
Based on such measures, Chinese hacking groups would appear to rank behind the U.S., Israel and the U.K. in terms of raw capability, DeStefano said.
"At the end of the day, it's not about latent vulnerabilities or advanced attacks," said Anup Ghosh, founder and CEO of security firm Invincea. "It's about what works for the least amount of effort or expertise required."
Over the past several years there has been a systematic compromise of all major sectors of the U.S. economy. "To scale to this size and scope there is necessarily heavy re-use of known vulnerabilities and their exploits. These often work because of the difficulty in patching software particularly in the enterprise space," Ghosh said.
Though the actors behind these exploits may be different, the methods used to compromise computer systems are shared among cybercriminals and nation states, he said. "Bottom line is, if you can be successful with conventional toolkit exploits, you use them instead of burning zero-days."