A Cyber Threat Year

SweetBlue
8 min read, Apr 26, 2021

Explaining the cyber conflict behind today's geopolitical tensions

Office of the Director of National Intelligence Seal

On April 9th the Intelligence Community published its new Annual Threat Assessment, which covers diverse topics such as the disruptive effects of climate change, the COVID-19 pandemic, political instability, geopolitical rivalry, and cyber threats. It is the last of these that I will explain in more detail in this post.

Moscow, Beijing, Tehran and Pyongyang will remain the main rivals of the US and its allies in terms of geopolitical interests. Briefly, here is how each of these countries is pursuing its objectives: China will seek to push changes to global norms. Russia will demonstrate its force by intimidating regional countries like Ukraine through both kinetic and cyber means. Iran conducts influence operations and supports regional proxies in countries like Syria, Iraq and Yemen while waging its secret war with Israel. Finally, and no less important, North Korea aims to be the disruptive player, conducting cyber theft around the world.

As we will see in this post, all of these intentions will be reflected in cyberspace through cyber-espionage operations and influence campaigns, which makes it one of the most important domains for these countries, if not the most important one yet.

So let’s get started!

China

China presents a prolific and effective cyber-espionage threat, substantial cyber-attack capabilities, and a growing influence threat.

Known as a country whose intelligence agencies are able to do almost anything to guarantee its economic and political supremacy, the CCP is attempting to exploit doubts about the United States, undermine democracy, and extend Beijing's influence in its natural sphere across the Western Pacific and East Asia.

Guarantee global economic and political supremacy

The activities that China engages in to achieve these objectives through the cyber domain are:

· Cyber-attacks that can disrupt critical infrastructure (at a minimum, localized and temporary disruptions)

Electrical grids, power supplies, water plants

· Surveillance systems and censorship

Ethnic minorities such as the Uyghurs, journalists

· Cyber-espionage operations

Telecommunication firms, managed service providers, software companies

· Influence operations

Mold public discourse in line with Chinese interests, pressure political figures, muffle criticism of China, undermine democracy

The main ongoing geopolitical conflicts are:

China-India border conflict: now in its most serious escalation in decades, which led to a lethal border clash last year between the two nuclear-armed countries. This conflict is not only a kinetic one; it is also fought in cyberspace. One example is the intrusion campaign against Indian power-sector networks attributed to Chinese state-sponsored actors, which public reporting (notably by Recorded Future) linked, without confirmation, to the October 2020 Mumbai blackout, apparently for disruptive purposes as a warning to the Indian government.

South China Sea: a conflict involving many regional countries like Vietnam, Malaysia, the Philippines, and China, in which cyber-espionage operations are also ongoing, carried out by APTs linked to the PLA or the MSS. But these kinds of attacks are also carried out by Southeast Asian governments against China, as we saw with APT32 (OceanLotus), a group linked to Vietnam, targeting Chinese government entities to collect information about the COVID-19 crisis.

Taiwan: this conflict is especially important because it has the serious potential of becoming a total war. In the cyber domain we have seen a lot of cyber-attacks, conducted mainly for intelligence purposes but also for disruptive ones.

Russia

Moscow, as we can guess, will continue to develop its intelligence and cyber capabilities and seek new partnerships, divide Western countries while weakening their alliances, and show that Russia is capable of shaping global events better than its adversaries, mainly in the post-Soviet space but with strategic objectives around the world.

Showing that Russia is capable of shaping global events better than its adversaries

Considering that Russia sees cyber-attacks as an acceptable option to deter adversaries, control escalation and prosecute conflicts, these are some of the ways the Kremlin will use cyberspace to achieve its goals:

· Cyber-attacks on critical infrastructure

Underwater cables, industrial control systems

· Software supply-chain operations

Private organizations, public organizations

· Surveillance and censorship

Journalists, organizations

· Influence operations

Democratic elections, peace deals

Main ongoing geopolitical conflicts:

The Middle East and Africa represent a great opportunity to undercut US influence in the region while increasing Russian influence in countries with civil wars like Syria, Libya or Sudan, for military access and economic opportunities. For example, last year the Stanford Internet Observatory (SIO) reported that actors linked to the Internet Research Agency (IRA), which serves Moscow's interests, were conducting an information operation through social media like Facebook and Twitter, using sock-puppet accounts, groups, fake news, hashtags, etc. In Libya they supported the LNA (Libyan National Army) while disrupting the Libyan Political Dialogue Forum. In Sudan they pushed pro-Russian narratives about a new Russian naval base in the country. And in Syria they supported the Bashar al-Assad regime and criticized the military operations conducted by Turkey and the US.

Latin America and the Caribbean, a region with a lot of natural resources, is also in the Kremlin's sights, with expanding engagement with Venezuela and Cuba and clear interests in access to markets and natural resources to offset some of the effects of sanctions. While there is no evidence yet that the Russian intelligence services are actively engaged in cyber or influence operations there, the potential exists to develop these capabilities in the region in line with the motives mentioned above.

Former Soviet Union: this refers to countries like Estonia and Ukraine, where Russia is actively and aggressively engaged in an ongoing cyber conflict in order to destabilize them, while in Belarus it will support the regime if it deems it necessary. Ukraine is a great example of a cyber conflict in all its aspects: attacks on critical infrastructure, DDoS attacks, disinformation campaigns, etc.

Iran

Tehran will try to erode US influence in the region while supporting Shia populations abroad, including militias, to project power in neighboring states, deflect international sanctions and minimize threats to regime stability. Its cyber capabilities, developed since the Stuxnet attack, are characterized by aggressive cyber operations targeting networks and data, but also human minds through disinformation campaigns, as we saw in the 2020 US elections:

Aggressive cyber operations targeting networks and data, but also human minds

· Cyber-attacks on critical infrastructure

Water facilities

· Cyber espionage

Government sector, private sector

· Disruptive attacks

Financial institutions

· Influence operations

US presidential elections, domestic audiences

Main ongoing geopolitical conflicts:

Syria is for Iran an important space of influence in which to limit or eliminate US influence in the region, pursuing a permanent military presence and economic deals. Tehran reportedly supports the training of Syrian cyber units through the IRGC's large cyber branch.

Yemen will remain a failed state, while regional actors seek to undermine the interests of their adversaries. Iran, which supports the Huthis, has been seen conducting cyber-attacks on Saudi websites while keeping its distance from these attacks through front groups like the Yemen Cyber Army.

Israel will always consider Iran its archenemy and a constant threat, not only through missile forces or support for Hizballah and other terrorist groups, but also through cyber-attacks on critical infrastructure like water plants and ransomware attacks.

Afghanistan: since the start of the internal conflict and the US presence, Tehran has sought to build ties with both the government in Kabul and the Taliban, to keep a possible advantage when coalition forces leave the country. To achieve its goals, Tehran maintains a constant influence campaign through news websites run by the International Union of Virtual Media (IUVM), headquartered in Iran, amplified with fake social media accounts.

North Korea

Destabilizing actions will be the principal way in which Pyongyang seeks to shape regional security, including the resumption of nuclear weapons and ICBM tests, gaining prestige, security and acceptance, and modernizing its cyber capabilities, with growing espionage, theft and cyber-attack activities.

· Disruptive cyber-attacks on critical infrastructure

Some critical infrastructure networks, business networks

· Software supply-chain operations

Government entities, private entities

· Cyber theft

Financial institutions, cryptocurrency exchanges

Main ongoing geopolitical conflicts:

South Korea: since the end of the Korean War (1953), North Korea has always been willing to disrupt and attack its southern neighbor through different means, including cyber-espionage campaigns like the intrusion into South Korean military systems in 2016.

Japan: in 2016, the North Korean government reportedly struck a secret deal with the Yakuza to withdraw cash using stolen South African credit card data from 7-Eleven ATMs in Japan, including around Nagoya.

United States: the film "The Interview", due for release in 2014, was disrupted when Sony employees reported that their computers had been hacked by a group calling itself the Guardians of Peace. This group went on to release a large number of confidential company emails, which also led to the resignation of one of the studio's heads, and, as if that were not enough, five films were leaked online.

Conclusion

As we have read, the growing cyber threat will increase in capacity and complexity year after year, so our nations need to think like these adversaries, understand their methods, decide what actions we are going to take, and respond in an ingenious and creative way. This is a long-term game in which we will win and lose battles, but if we know ourselves and our enemies, we need not fear the result of a hundred battles.

Sun Tzu
