How the cyber capabilities of the “big four” nations threaten the West

COMMENT

There are four nations that the US and UK governments say pose the greatest threat to the West. They are called the “Big Four”: Russia, China, Iran and North Korea.

Each nation has its own general threat behaviors and agenda to satisfy the ambitions of the government in power on the world stage. Russia’s cyber threat activities focus primarily on offensive cyber operations, China’s on cyber espionage, Iran’s on influence operations, and North Korea’s on financial gain.

The events of the 20th century, developments since the dawn of the millennium, and intense geopolitics since the start of 2022 have contributed to the recent actions taken by the Big Four. Industry analysts see plenty of evidence linking cybersecurity crimes around the world to nation-state-sponsored groups associated with these four countries.

Russia

A multitude of geopolitical factors have influenced Russia’s actions in recent years, including NATO’s expansion eastward across Europe to Russia’s borders and NATO’s support for Ukraine.

Russia is forging greater economic and military partnerships with China, Iran and North Korea to boost its economy and replenish its military hardware. After Europe closed its doors to Russian oil, the country had to sell its natural resources to developing Asian markets. As a result, India imported 40% of its discounted oil from Russia in 2023, compared to just 3% two years earlier. Strong economic dependencies often produce an increase in cyber espionage operations due to the need for foreign policy information related to these agreements.

While Russia is engaged in open warfare, the state has conducted an increasing number of overt attacks. Reports indicate that 16 different “families” of windshield wiper malware have been used against Ukraine in the last 12 months, compared to just one case in the previous two years. ESET senior researcher Anton Cherepanov declared“This is the most intense use of windshield wipers in the entire history of the computer.”

In particular, the United States, Germany and the United Kingdom are the most important countries in the world best donors of Ukrainian military aid and are also the most targeted nations outside of Ukraine.

China

In 2023, China has emerged as the world’s second major power, with broad ambitions to strengthen its influence through global infrastructure investments through Belt and Road Initiative and political dominance of East Asia. China is considered the most threatened nation both in terms of cyber attacks and cyber espionage capabilities. Its strategic interests lie in:

These strategic interests are realized in several key areas. First, in 2015, China announced the Made in China 2025 plan, which aims to advance China’s manufacturing base by rapidly developing 10 high-tech industries. If China succeeded in creating advanced semiconductors, Taiwan’s monopoly on semiconductor production would be severely undermined and thus a major deterrent to a possible Chinese invasion would be removed.

China also aims to emerge on the world stage as a tough counter to Western (and particularly US) dominance. As former director of the US Cybersecurity and Infrastructure Security Agency (CISA). General Keith Alexander saidChina is undertaking “the largest transfer of intellectual wealth in history.”

Iran

Iran’s modern political landscape began in 1979 with the overthrow of the monarchy and the accession of the religiously based Islamic Republic. Since then, Iran has consolidated itself as a strong state with great influence in the Middle East.

Iran’s cyber characteristics fall into two categories: offensive operations and actions aimed at exerting influence to strengthen the government. Since June 2022, several Iranian threatening groups have deployed cyber-enabled influence operations (I). This combines offensive operations with messages in a coordinated and manipulative manner to advance Iran’s geopolitical objectives by shifting perceptions, behaviors, and decisions toward the regime.

Furthermore, tensions with Israel have been very high, leading to covert economic and military policies support to Hezbollah in Lebanon and Hamas in the Palestinian areas.

As of 2022, Iran’s cyber capabilities were considered the most basic of the Big Four. However, in 2023, Iranian state actors have used increasingly sophisticated commercial activities, launching more custom implants and becoming much faster at exploiting the latest exploits. This demonstrates a clear leap in Iranian cyber capabilities.

North Korea

Technically, a state of war has existed between North Korea and South Korea since 1950: during the Korean War the two countries never signed a peace agreement, but only a ceasefire agreement. The North Korean leadership sees the survival of the state and Kim’s regime as directly threatened by the United States and its allies. To protect itself from the perceived threat of an imminent invasion, the Kim government has built a deterrent by aiming thousands of artillery pieces at South Korea’s capital, Seoul, and developing nuclear weapons and intercontinental ballistic missiles.

This aggressive tactic has led to severe economic sanctions, preventing the outside world from trading with North Korea. In response, the state conducted numerous financially motivated attacks cryptocurrency thefts steal money to support the government and finance weapons. It also runs intellectual property theft operations. The United States is by far the most targeted nation, accounting for more than 40% of attacks in the past 12 months. In second and third place we find South Korea and Japan respectively.

What will be?

Over the next 12 months, approximately two-thirds of eligible citizens in democratic countries will have the opportunity to vote in presidential or national elections. AS, cyber influence campaigns aimed at elections are expected to increase during 2024 by all four major nations.