How cyberattacks are transforming warfare

There is a new battlefield. This is a global problem and difficult to defend. What began as a high-profile incident in 2007, when Estonia was hit by hackers targeting its government and business sector, has evolved into a cyber war waged continuously around the world. Today, cyberattacks have become the norm, transforming our perception of war and international conflict as a whole.

From the DDoS attacks in South Korea in 2009 to the attacks on Burma in 2010 and the U.S. election interference attacks against the Democratic National Committee in 2016, the list of historic cyberwarfare incidents continues to grow. The main actors ? Nation-state-backed cybercriminal groups and organizations linked to Russia, North Korea, China, and several Middle Eastern countries. This report examines three key trends in cyberwarfare to understand their impact.

Russia: the cyber invasion of Ukraine

On August 31, 2023, the Five Eyes agency – a network of intelligence alliances made up of agencies from Australia, Canada, New Zealand, the United Kingdom and the United States – issued an advisory. new report revealing that Russian state-sponsored hackers were using the infamous Chisel malware to target the Android devices of Ukrainian military personnel to collect and extract data.

This attack is not an isolated incident. This is just the latest in a nearly decade-long cyberwar campaign against Ukraine. In fact, many cybersecurity experts consider Ukraine to be ground zero on the global digital battlefield.

In 2015, a Russian group known as Sandworm struck Ukraine’s power grid, disrupting the country’s energy services for hours. Sandworm followed a similar attack in December 2016, putting the capital kyiv in darkness at midnight for more than an hour.

“Over the past 7-8 years, Russia has transformed Ukrainian cyberspace into a battlefield for training and honing skills in cyberattacks,” said the head of engineering at MacPaw’s. Moonlock Laboratory. The engineering official, who asked to remain anonymous, has previously participated in investigations into attacks on Ukraine’s critical infrastructure and shared his insights in depth in a recent article. article on the cyberwar between Ukraine and Russia.

Attacks on energy networks were just the beginning. Russia-linked groups have since launched an intense cyberwar offensive against Ukraine. In 2017, hackers used Petya ransomware to take Chernobyl’s radiation monitoring system offline and attack ministries, banks and state-owned companies.

But 2021, 2022 and 2023 have been the most active years in terms of incidents in Ukraine, as cyberattacks intensify alongside the Russian-Ukrainian war.

These attacks helped shape Ukraine’s cybersecurity defenses. Each gives the nation’s security specialists the information they need to further strengthen their cyber defenses and develop a better understanding of the techniques used in cyber warfare.

Today, Ukrainian cybersecurity authorities continually train in real-world situations with unique practical expertise. They have been repeatedly praised for their effectivenessbecause Russian-backed cyberattacks have been numerous but rarely successful.

China: a rising and disruptive force

As cyberwarfare has evolved, cyberattacks linked to China have increased. The list of countries that have accused China of waging cyberwar is long and includes Australia, Canada, India, Japan, Taiwan, the Vatican and the United States.

The US Cybersecurity and Infrastructure Agency (LPCC) recently warned all international organizations and partners to take urgent steps to understand the tactics, techniques and procedures used by China-backed bad actors.

“China likely currently poses the broadest, most active, and most persistent cyberespionage threat to U.S. government and private sector networks,” the report said. Annual Threat Assessment 2023 reads the report from the Office of the Director of National Intelligence.

The same report highlights the ongoing US-China trade war, tensions with Taiwan, technology export disputes and China’s interest in dominating global supply chains. U.S. intelligence services conclude that increasing aggressive cyber threats against the United States are inevitable.

“China is almost certainly capable of launching cyberattacks that could disrupt critical infrastructure services in the United States, including against oil and gas pipelines and rail systems,” the report said.

As Beijing’s geopolitical interest in Taiwan and the South China Sea increases, alongside a show of military force, cyber attacks including espionage, cyber theft and unethical transfer of technology and knowledge , are expected to intensify.

Once again, we can see how countries are turning to cyberwarfare using digital tools to shape global order and regional conflicts, or to pressure certain issues.

Countries deploying cyberwarfare operations often use the same technologies within their borders. In the case of China, the government openly operates advanced domestic surveillance networks and AI-based censorship systems against its population, media, and various organizations.

North Korea: financing military and nuclear programs

Hacking groups linked to North Korea have gained a reputation for launching financially motivated cyberattacks and using illicit funds for political purposes. Cyber ​​espionage and cryptocurrency theft are the main tools in their digital arsenal.

A Channel Analysis Report found that in 2022, North Korea-linked hackers stole a record $1.7 billion, quadrupling its annual cryptocurrency theft activity from $429 million in 2021. Experts believe that, restricted by strict international sanctions, the country uses the profits from these cryptocurrency thefts to finance its military and nuclear programs.

In a single attack in 2022, hackers believed to be linked to North Korea managed to steal $625 million from a Singapore-based blockchain technology company. Cyberwarfare tactics are also used in the country to monitor and censor the education sector, its citizens as well as international and private companies or entities.

Despite North Korea’s categorical denial, the country has been accused of several historic cyberattacks, including:

The 2013 logic bomb attack in South Korea. Three media companies and three financial institutions in South Korea were hit by a cyberattack in 2013. The attackers dropped a logic bomb, erasing the hard drives and boot records of the affected companies.

The Sony Picture attack 2014. Confidential Sony Pictures data was leaked in 2014 by cybercriminals who demanded that the entertainment company not release the upcoming comedy film. The interview. The film’s storyline centered around an interview and assassination attempt against North Korean leader Kim Jong Un.

The Wanna Cry Global Attack of 2017. North Korea was also accused of being behind the WannaCry cyberattack that affected more than 300,000 computers in more than 150 countries in 2017. The attack hacked hospitals, banks and businesses in the around the world and caused billions of dollars in damage.

The impact and transformation of war

Cyberwarfare techniques are generally aligned with international policies and the agendas of the countries that support them. Many issues that were once dealt with through diplomatic, official or clandestine channels – or even through armed conflict or military action – are now in the hands of cybercriminals.

Part of the appeal of cyberwarfare is that it is a highly cost-effective armed digital solution for many countries. It can be deployed remotely and requires only modest economic, human and material resources. Remotely, hackers can attempt to interfere with elections, disrupt national operations, influence decisions and policy, or simply create chaos.

The impacts of cyberwarfare are profound. Not only do they directly affect governments, but their consequences often spill over into other sectors, including health, education and business. Even civilians are directly or indirectly affected.

“Everyone is affected,” said Moonlock’s lab engineering manager, “either because they were forced to work remotely from a bomb shelter using their personal laptops or because “They were affected by the bombing of peaceful residential areas where the Russian invaders repeatedly physically damaged the residential areas. energy sector.”

A new digital world order

As complex as cyberwarfare may be and as significant as its impacts are, the sad truth is that for resource-rich governments, cyberwarfare is an increasingly accessible weapon that they can exploit for their own interests.

Cyberwar is undoubtedly an expression of national and international power, values ​​and interests aligned with the political agenda of the country supporting it. But the world quickly woke up to the reality of digital warfare. Leading countries and largest security organizations have rapidly upgraded their skills and committed to defending security and privacy.

Time will tell to what extent these advances in cyberwarfare will influence the future of international relations among the world’s superpowers, but one thing is clear. World politics will never be the same.