5. They're not afraid to get physical
Despite what you see on television, a criminal isn't likely to follow a company executive around in order to physically infect their laptop or cellphone with malware.
The cost -- time, travel expenses, possibility of getting caught -- are too high. It's much easier to go after some other executive who has a phone that can be hacked without physical contact.
In the case of state-sponsored attacks, however, especially within that state's own borders, the costs and risks are minimal.
In fact, they might actually set up a meeting with the targeted executive, said Michael Shaulov, CEO at San Franscisco-based Lacoon Mobile Security, Inc.
Then all they need is a little private time with the laptop or cell phone in order to infect it. There are even several ways to infect iPhones, Shaulov added.
And, of course, a foreign nation-state often has full access to its own telephone networks.
6. The airwaves aren't safe
The airwaves aren't safe either, Shaulov added.
"In Russia, they discovered a couple of fake mobile cell towers," he said. "Every time someone would pass through that coverage area, someone in the government would intercept their communications."
The same approach works on foreign territory as well, he added. A mini cellphone tower can be hidden in a suitcase and carried to a location close to the target, or placed in a vehicle in order to have a larger coverage area.
"If you look out the window and see a white van, be suspicious," he said.
7. They stay on target
A financially-motivated criminal wants to see the biggest return on their investment, so they'll go after the least-defended companies first.
"There are certainly plenty of targets," said Steve Hultquist, chief evangelist at Sunnyvale, Cal.-based RedSeal, Inc. "I can just go on to the next one."
A company doesn't have to have perfect security to defend itself -- all it has to do is avoid being the lowest-hanging fruit.
A state-sponsored attacker, however, is motivated by strategic gain, not financial. They'll keep after a company, its employees, and its business partners, until they get in.
8. They have a large, well-organized team
Criminals are most likely to work alone, or in loosely-affiliated teams.
A state-sponsored attacker, however, might be working out of an actual office, under a well-trained project manager.
"State-sponsored cyberattacks are much more likely to be organized and run by a large group of people," said Jeff Williams, CTO at Palo Alto-based Contrast Security. "They're going to have a full lab full of people trained and executing a whole bunch of attacks against a whole bunch of things at once."
Sign up for CIO Asia eNewsletters.