According to the United Nations, the world witnessed a significant rise in violent conflicts in 2023 that reached unprecedented levels not seen since World War II. This trend will likely continue into 2024 as technology will enable nation state-level cyber operations to surge — further fracturing the geopolitical landscape. The increase in global tensions continues to impact the cyber security landscape profoundly. Three of the ‘Big Four’ nation-states, namely Russia, China, and Iran, are paving the way toward a new level of worldwide cyber tensions. We have seen evolving cyber threats from these regions throughout the first couple of months of the calendar year. January 2024 will likely be the harbinger of a particularly challenging year for almost any organisation with an internet-connected device.
From Russia with love
Since Russia’s military engagement with Ukraine, we have witnessed an unparalleled surge in cyber operations. These activities continue to target Ukrainian civilian and military infrastructure to gather intelligence and undermine the nation’s resistance. In 2023, Moscow-aligned cyber operations also extended beyond the borders of Ukraine, targeting NATO member states as well as other nations sympathetic to the cause of Kyiv. Russia likely conducted these activities via proxies such as cybercriminal groups and hacktivist collectives. It’s interesting to note that these attacks were most prominent during periods of Western support initiatives for the Ukrainian war efforts.
Moscow will likely continue to employ proxies to implement destructive cyber-attacks involving the deployment of wiper malware, information operations (IO), and intellectual property (IP) theft to inhibit cooperation between entities involved in providing Ukrainian support. Fluctuating periods of targeting against the transportation and logistics sectors will likely occur during the delivery of support packages to Ukraine, as Russia will seek to disrupt their supply.
As 2024 rolls out, we have assessed that Russia’s cyber operations will likely continue targeting Ukraine’s critical national infrastructure (CNI), the scope and duration of which are expected to widen, with likely expanded economic espionage targeting of sub-Saharan Africa.
Made in China
Offensive cyber operations conducted by the People’s Republic of China (PRC) remained extensive throughout 2023. Beijing’s operations focused heavily on IO and intelligence gathering, almost certainly due to the strategic objectives regarding the ‘Made in China 2025’ initiative, the national strategic plan to secure China’s position as a global leader in high-tech industries. The initiative aims to reduce Beijing’s reliance on foreign technology imports and invest in its own technological advances to establish Chinese organisations that can compete domestically and globally.
In addition, Beijing’s cyber espionage efforts against the Taiwanese semiconductor industry are a significant concern. This year will likely see China escalating its cyber operations to advance its geopolitical objectives in the South China Sea, with expanded efforts including more direct sabotage aimed towards rival states in conjunction with concentrated cyber-attacks on Taiwan’s technology sectors. Chinese IO will likely continue to expand in scope and diversification, leveraging social media and enhanced artificial intelligence (AI) capabilities to influence the outcome of crucial elections and to undermine democratic integrity in favour of leaders that better suit Chinese interests. Finally, there is a realistic possibility that there will be an uptick in People’s Liberation Army Strategic Support Force (PLASSF) sponsored cyber espionage aggression aimed towards Ukraine, with recent intelligence indicating that Pakistan, a Chinese rival, has imported Ukrainian-produced unmanned aerial vehicles (UAVs), which have been added to their armed forces’ inventory and will likely be utilised to counteract Chinese military threats.
The Iranian Sandstorm
Throughout 2023, Iranian cyber capabilities became increasingly sophisticated, allowing state-sponsored threat actors to expand beyond their traditional Western targets to include regions such as Asia, Africa, and Latin America. Their initiatives ranged from aggressive IO to support Palestinian causes to sophisticated espionage campaigns targeting various Middle Eastern states. Case in point: a highly sophisticated espionage campaign launched by the Tehran-aligned Advanced Persistent Threat (APT) unit, tracked as ‘Hazel Sandstorm,’ targeted multiple states across the Middle East, including the United Arab Emirates (UAE), Israel, Iraq, Jordan, Kuwait, Oman, and Saudi Arabia. Sectors of interest for this campaign are reported to have been government agencies, military branches, and telecommunications sectors, in addition to financial organisations and non-governmental organisations (NGOs).
Extreme caution should be exercised regarding Iran. Following the ‘Transition Day’ of the Joint Comprehensive Plan of Action (JCPoA) on 18th October 2023, certain restrictions on Iran’s nuclear and missile programmes have been lifted. However, with Iran’s increasing non-compliance since 2019, the UN Security Council Resolution 2231 decided to maintain restrictions, denying nuclear weapons testing or ballistic missile activities. There is a realistic possibility that this will result in retaliatory Iranian cyber operations being aimed towards Western government, military, financial and higher education industry verticals, as the UK, with the support of fellow E3 member states France and Germany, continues to apply restrictive measures against Tehran.
A pivotal year for global politics
The beginning of every year has the potential to be pivotal on the global stage — and 2024 is shaping up to be no exception. The Paris Summer Olympic Games, the 75th anniversary of the PRC, and the US presidential elections present opportunities for nefarious cyber activities. However, unlike in previous years, 2024 will likely witness the tightest culmination of geopolitics and cybercrimes that the world has ever seen.
Cyber security has become the responsibility of businesses, governments, and individuals around the globe. Each entity must therefore become aware of evolving cyber threats, adopt strategies to deflect attacks, and, most importantly, share information learned to develop and implement robust defensive measures. A unified, collective and diligent approach to cyber security will become paramount to safeguarding the integrity and stability of all digital assets.
Craig Watt is a Threat Intelligence Consultant at Quorum Cyber, specializing in strategic and geopolitical intelligence.