These Five Countries Are World Leaders In Cyber Espionage

April 3, 2019

Last week’s Protect 2019 conference featured lectures on malicious cyber activities targeting enterprises and governments alike. The presentation delivered by Roland Javines Ong shared data from FireEye’s Threat Intelligence files that revealed a handful of countries are responsible for major instances of cyber espionage in the previous year. It isn’t a surprise that North Korea lives up to its reputation by menacing cryptocurrency exchanges and stealing other people’s money.

But FireEye’s insights also showed a new Cold War is ongoing and its fault lines are no longer ideological but technological. More than ever before, these hostile governments are harming their enemies in cyberspace to secure victory. But one particular country listed below wasn’t a usual suspect…until now.


The People’s Republic is a long-term threat to the US’ global hegemony and is waging economic warfare against it. But where Chinese hackers used to focus their efforts on stealing American intellectual property (IP) and other corporate secrets, in the past year researchers have noticed a sudden shift in their behavior. As if on command, cyber intrusions spread to countries that are part of the One Belt, One Road (OBOR) initiative and espionage using malware became the preferred method for collecting sensitive data. FireEye reports that Chinese hacking efforts are under the direct control of the PLA.


A decade since the Stuxnet worm and the Middle East’s favorite bogeyman is now a serious practitioner of cyberwarfare. The Islamic Republic is deemed responsible for a multifaceted effort targeting its enemies in the Middle East and some European countries. On one hand, its cyber activities are limited to influence campaigns on social media. But this is now balanced with attacks on financial institutions, telcos, and energy companies. Saudi Arabia in particular is the main target.

FireEye’s research on Iranian hackers indicates a hacker unit is out to harvest personal data from IT companies and related sectors. What for? No specifics, but it’s tied to Tehran’s idea of “national security.”


It can be argued that cybercrime and cyber theft are pillars of the Hermit Kingdom’s battered economy. According to FireEye, “North Korea’s cyber activity appears to closely mirror the personal whims of the pariah state’s leadership.” Since 2016, a single group is believed to have attempted cyber theft on assets worth $1.1 billion. The amount of money North Korea has pilfered since is speculative but these operations spanned continents and even reached several Latin American countries. Aside from banks, cryptocurrency exchanges are a priority as well.

A lesser priority for North Korea’s hackers is related to its diplomatic efforts and gathering valuable intelligence from South Korean sources.


With Moscow now locked in permanent confrontation with the US, its cyber activities are a magnet for scrutiny. FireEye sees Russia’s efforts as strategic, with the “main catalysts” being the disruption and harm of Moscow’s political adversaries, pursuing its national defense, weakening the Ukrainian state, and espionage in the energy sector, which feeds the national economy.

In FireEye’s latest M-Trends report, Russia’s hackers kept busy with “global operations against political and international organizations” and maintained a packed schedule throughout the past year. If this isn’t awful by itself, in March the US Attorney General released a letter to Congress revealing a Russian organization did interfere with the 2016 elections and used social media for sowing discord among American voters.


The thriving Communist state is now ranked among the worst of the worst in cyber espionage. But the reasons behind Hanoi’s deliberate attempts to exploit its enemies aren’t straightforward. Aside from policing the web to quash dissent, Vietnam’s powerful military is acting as an enabler for the country’s industrialization by letting its hackers steal intellectual property and any valuable intelligence from regional targets. If the scale of these cyber activities remains unmeasured, it’s because attribution is a time-consuming process. But Vietnam’s problematic relationship with China, as well as its geopolitical importance, has pushed its government to mobilize a genuine cyber army. For the record, other ASEAN members haven’t been as aggressive in the cyber domain.

