Governments of major global adversaries, including Russia, China, Iran, and North Korea, are deepening their reliance on cybercriminals to achieve their strategic cyber objectives. This shift signifies a blending of state-sponsored espionage with criminal cyber activities, complicating international cybersecurity efforts. As cyber threats evolve, the collaboration between state actors and cybercriminals poses significant challenges to global security frameworks.
State-sponsored cyber operations once relied primarily on internally developed proprietary tools. The current shift toward using publicly available and criminally developed malware indicates an adaptation to limited resources and a desire for operational deniability.
Why Are State Actors Turning to Cybercriminals?
Resource constraints and operational demands have pushed state-sponsored groups to adopt cybercriminal tools. The Google Threat Intelligence Group report highlights that Russian entities like APT44 and Sandworm have utilized malware such as Radthief and Warzone to further their espionage efforts.
“Google assesses that resource constraints and operational demands have contributed to Russian cyber espionage groups’ increasing use of free or publicly available malware and tooling,” the report states.
Which Countries Are Following This Trend?
Apart from Russia, countries like China, Iran, and North Korea are similarly integrating cybercriminal tools into their operations. China, for example, has used criminal gangs to obscure its espionage activities, making attribution more difficult. Additionally, Google’s observations in May last year noted an Iranian hacking group employing Radthief.
What Are the Implications for National Security?
The merging of cybercriminal activities with state operations escalates national security threats.
“Cybercrime has unquestionably become a critical national security threat to countries around the world,” stated Sandra Joyce, vice president of Google Threat Intelligence. This convergence ensures that state-backed operations are both cost-effective and resilient against disruption, challenging traditional defense mechanisms.
Cybersecurity firms like Trellix have observed a blurring of lines between state and criminal cyber tactics. Tomer Shloman, a security researcher at the company, noted the “unsettling convergence of tactics, techniques, and even objectives, making it challenging to distinguish between them.” This makes attributing cyber attacks more complex and reinforces the need for advanced threat intelligence.
Addressing these intertwined threats requires comprehensive strategies that consider both the criminal and state dimensions of cyber threats. Enhanced international cooperation and investment in proactive cyber defense are essential to mitigate the risks posed by this hybrid approach, ensuring robust protection of national security assets.