Cyberattacks as a geopolitical tool
Cybercrime is increasingly being used as a state-sponsored strategy. A recent report by the Google Threat Intelligence Group (GTIG) and Mandiant shows that Russia, China, North Korea, and Iran are deliberately using cyber operations to exert political influence and gain financial advantage. Financially motivated attacks, in particular, have risen sharply and are increasingly accompanied by state-sponsored espionage and sabotage.
Russia: Cyberattacks in Wartime
Since the start of the war in Ukraine, Russia has stepped up its cyber operations. Russian military intelligence uses groups such as APT44 to carry out attacks on critical infrastructure. For example, malware campaigns were launched against Ukrainian and Polish companies in 2022 and 2023. Particularly notable is the combination of espionage, sabotage, and ransomware attacks:
- Targeted spear-phishing campaigns against Ukrainian drone manufacturers
- Ransomware attacks on logistics companies in Poland and Ukraine
- Sabotage attacks on energy providers that led to widespread heating outages in January 2024
These developments illustrate how Russia uses cybercrime as part of its hybrid warfare.
China: Economic Espionage via Ransomware
China is pursuing a more sophisticated strategy: cybercriminals are being specifically deployed to support state-sponsored espionage operations. Groups such as APT41 combine cyberattacks with industrial espionage to infiltrate foreign companies and steal intellectual property. In doing so, China employs various tactics:
- Ransomware attacks aimed at putting financial pressure on companies
- Targeted espionage attacks on technology companies to gain a competitive advantage
- Cybercrime used to conceal the origin of attacks
One particularly alarming trend is that Chinese groups are using certificates stolen during espionage operations for their own attacks in order to cover their tracks.
Iran: Ransomware as an Economic Weapon
Iran uses cybercrime to fund its regime. Groups such as UNC757 collaborate with ransomware gangs to target companies. In 2024, the FBI documented that Iranian hackers were working with groups such as NoEscape and ALPHV to encrypt data and extort ransom payments.
North Korea: Crypto Theft as a Source of State Revenue
North Korea primarily uses cybercrime to finance its regime. The APT38 group, which operates under the North Korean intelligence service, has been targeting banks and cryptocurrency platforms for years. The hackers are responsible for the following attacks, among others:
- Theft of over $1.1 billion through fraudulent SWIFT transactions
- Attacks on cryptocurrency platforms to circumvent sanctions
- Destructive malware attacks designed to cover their tracks
These attacks underscore the fact that North Korea systematically uses cybercrime to bolster its economy and finance its nuclear weapons program.
Conclusion: State-sponsored cyberattacks require a global response
The growing link between state-sponsored espionage and cybercrime poses an increasing risk to businesses and governments worldwide. Companies must strengthen their security measures to avoid falling victim to attacks that are, in reality, part of a much broader geopolitical strategy.