There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks have become the norm, transforming how we think about war and international conflict as a whole.
From the 2009 South Korea DDoS attacks to the 2010 attacks on Burma and the 2016 US election interference attacks on the Democratic National Committee, the list of historical cyberwarfare incidents continues to expand. The main players? Nation-state-supported cybercriminal groups and organizations linked to Russia, North Korea, China, and several countries in the Middle East. This report dives into three top cyberwarfare trends in an effort to understand their impact.
On August 31, 2023, Five Eyes Agency — an intelligence alliance network composed of agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States — issued a new report revealing that Russian state-sponsored hackers were using the infamous Chisel malware to target the Android devices of Ukrainian military personnel to collect and extract data.
This attack is not an isolated incident. It is only the latest in an ongoing cyberwarfare campaign against Ukraine that has been going on for almost a decade. In fact, many cybersecurity experts consider Ukraine to be ground zero for the global digital battlefield.
In 2015, a Russian group known as Sandworm hit the Ukrainian power grid, disrupting energy services in the country for hours. Sandworm followed up with a similar attack in December of 2016, blacking out the capital city of Kyiv at midnight for over an hour.
“Over the past 7-8 years, Russia has turned Ukraine’s cyberspace into a battleground for training and honing skills for cyberattacks,” said the Engineering Manager at MacPaw’s Moonlock Lab. This Engineering Manager, who asked to remain anonymous, was previously involved in investigating attacks on Ukraine’s critical infrastructure and shared their insights in depth in a recent article on the cyberwar between Ukraine and Russia.
Attacks on energy grids were only the beginning. Russian-linked groups have since launched an intense cyberwarfare offensive against Ukraine. In 2017, hackers used the Petya ransomware to take Chernobyl’s radiation monitoring system offline and hit government ministries, banks, and state-owned companies.
But 2021, 2022, and 2023 have been the most active years for incidents in Ukraine as cyberattacks escalate side by side with the Russian-Ukraine war.
These attacks have contributed to shaping Ukraine’s cybersecurity defenses. Each one gives security specialists in the country the information they need to further build their cyberdefenses and develop a greater understanding of the techniques used in cyberwarfare.
Today, Ukrainian cybersecurity authorities are continually training in real-life situations with unique hands-on expertise. They have been repeatedly praised for their effectiveness, as Russian-backed cyberattacks have been abundant but rarely successful.
As cyberwarfare has evolved, Chinese-linked cyberattacks have increased. The list of countries that have accused China of cyberwarfare is lengthy and includes Australia, Canada, India, Japan, Taiwan, the Vatican, and the US.
The US Cybersecurity and Infrastructure Agency (CISA) recently warned every organization and international partner to take urgent action to understand the tactics, techniques, and procedures used by Chinese-supported bad actors.
“China probably currently represents the broadest, most active, and persistent cyber espionage threat to US Government and private-sector networks,” the 2023 Annual Threat Assessment report of the Office of the Director of National Intelligence reads.
The same report highlights the ongoing US-China trade war, tensions with Taiwan, technology export conflicts, and China’s interest in dominating global supply chains. US intelligence concludes that the increase of aggressive cyber threats to the US is inevitable.
“China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems,” the report states.
As Beijing’s geopolitical interest in Taiwan and the South China Sea increases, along with a display of military force, cyberattacks that include espionage, cyber theft, and the unethical transfer of technologies and knowledge are expected to escalate.
Once again, we can see how countries turn to cyberwarfare using digital tools to shape global world order and regional conflicts, or put pressure on certain issues.
Countries that deploy cyberwarfare operations are often using the same technologies within their borders as well. In the case of China, the government openly leverages advanced AI-driven domestic surveillance networks and censorship systems against its population, the media, and various organizations.
Hacking groups linked to North Korea have gained a reputation for launching financially motivated cyberattacks and using illicit funds for political purposes. Cyber espionage and cryptocurrency heists are the top tools of their digital arsenal.
A Chain Analysis report found that in 2022, North Korea-linked hackers stole a record $1.7 billion, quadrupling its yearly activity for cryptocurrency theft from $429 million in 2021. Experts believe that, restricted by strict international sanctions, the country is using the profit of these crypto thefts to fund its military and nuclear programs.
In just one attack in 2022, hackers believed to be linked to North Korea managed to steal $625 million from a Singapore-based blockchain technology firm. Cyberwarfare tactics are also used in the country to monitor and censor the education sector, its citizens, and international and private companies or entities.
Despite strong denial by North Korea, the country has been accused of several historical cyberattacks, including:
The 2013 South Korea Logic Bomb attack. Three media companies and three financial institutions in South Korea were hit by a cyberattack in 2013. The attackers dropped a logic bomb, wiping the hard drives and boot records of the companies affected.
The Sony Picture 2014 attack. Confidential data from Sony Pictures was leaked in 2014 by cybercriminals who demanded that the entertainment company not release the upcoming comedy film The Interview. The film’s script was centered around an interview and an assassination attempt against North Korean leader Kim Jong Un.
The Global 2017 Wanna Cry attack. North Korea was also accused of being behind the WannaCry cyberattack that affected more than 300,000 computers in over 150 countries in 2017. The attack breached hospitals, banks, and businesses around the world and caused billions of dollars in damages.
Cyberwarfare techniques are usually aligned with the international policies and the agendas of the countries that support them. Many issues that were once dealt with through diplomatic, official, or back-door channels — or even through armed conflict or military actions — are now in the hands of cybercriminals.
Part of the appeal of cyberwarfare is that it’s such a cost-effective weaponized digital solution for many nations. It can be deployed from afar and requires only modest economic, human, and hardware resources. From a distance, hackers can attempt to interfere with elections, disrupt national operations, influence decisions and politics, or simply create chaos.
The impacts of cyberwarfare are profound. Not only do they directly affect governments, but the consequences often spill over to other sectors, including healthcare, education, and business. Even civilians are directly or indirectly affected.
“Every person is affected,” said Moonlock’s Lab Engineering Manager, “either because they were forced to work remotely from a bomb shelter using their personal laptop, or because they were affected by the bombing of peaceful residential areas where Russian invaders repeatedly physically damaged the energy sector.”
As complex as cyberwarfare can be, and as significant as its impacts are, the unfortunate truth is that for governments that are rich in resources, cyberwarfare is an increasingly easy-to-access weapon that they can leverage for their own interests.
Cyberwarfare is undoubtedly an expression of power, values, and national and international interests as aligned with the supporting country’s political agenda. But the world has been quick to wake up to the reality of digital warfare. Leading countries and top security organizations have rapidly leveled up their skills and are committed to the defense of security and privacy.
Time will tell how these advances in cyberwarfare will influence the future of international relations among the world’s superpowers, but one thing is clear. Global politics will never be the same again.