Why is it so rare to hear about Western cyber-attacks?


In the realm of cyber-warfare, names like Camaro Dragon, Fancy Bear, Static Kitten, and Stardust Chollima may not sound like the latest Marvel superheroes, but they represent some of the most formidable hacking groups worldwide. These elite teams have long been associated with government-backed cyber espionage, carrying out theft and disruption in covert operations. Cyber-security companies even created animated characters to depict them. Market reports often highlight these "advanced persistent threats" (APTs) on world maps, with Russia, China, North Korea, and Iran frequently identified as their origins.

Yet, there are conspicuous gaps on that map. Why is it so rare to hear about cyber-attacks and hacking teams originating from Western nations?

Perhaps a recent major hacking incident in Russia holds the answer. At Kaspersky, Russia's largest cyber-security company, an alarming discovery unfolded. Strange pings on the company's Wi-Fi network indicated an ongoing attack. Dozens of employees' mobile phones were unknowingly transmitting data to unfamiliar destinations on the internet.

This was no ordinary situation. Kaspersky's chief security researcher, Igor Kuznetsov, recounts their initial skepticism and subsequent astonishment. After thorough analysis of several infected iPhones, it became clear that Kaspersky had stumbled upon a sophisticated surveillance-hacking campaign targeted at their own staff. The attackers had devised a method to infect iPhones through iMessages, leaving no trace once the malicious software took hold. The victims' phones became unwitting tools, transmitting personal data, messages, emails, pictures, and even access to cameras and microphones back to the hackers.

While Kaspersky adheres to its policy of not attributing attacks to specific countries, the Russian government reacted differently. In a bulletin, Russian security services announced the discovery of a reconnaissance operation conducted by American intelligence services, utilizing Apple devices. The bulletin also accused Apple of aiding the hacking campaign, a claim the company firmly denies. However, the alleged perpetrator, the United States National Security Agency (NSA), declined to comment on the matter when approached by BBC News.

Interestingly, the Russian government's response deviated from the traditional approach. It seemed as though they intended to make a joint announcement with Kaspersky for maximum impact, a strategy increasingly employed by Western countries to expose hacking campaigns and publicly assign blame. Only last month, the US government, in collaboration with Microsoft, exposed Chinese government hackers infiltrating energy networks in US territories. The Five Eyes alliance, comprising the US, UK, Australia, Canada, and New Zealand, swiftly supported the claim. China, in turn, vehemently denied the accusations, dismissing them as part of a "collective disinformation campaign" orchestrated by the Five Eyes countries, while also labeling the US as the "empire of hacking."

In a remarkable shift, China and Russia are now adopting a more aggressive approach in denouncing Western hacking activities. China Daily, a state-run news outlet, has issued warnings about foreign-government-backed hackers posing the biggest cyber-security threat to the country. A Chinese cybersecurity company, 360 Security Technology, reported discovering 51 hacker organizations targeting China. However, they did not respond to requests for comment. Furthermore, last September, China accused the US of hacking a government-funded university involved in aeronautics and space research programs.

Some experts believe this change in stance by China and Russia reflects their recognition of the effectiveness of Western methods of cyber exposure. They argue that it is fair and appropriate for other countries to shed light on Western cyber activities. The International Institute for Strategic Studies (IISS) designates the US as the sole tier-one cyber power globally, based on its offensive, defensive, and influential capabilities. Tier two includes China, Russia, the UK, Australia, France, Israel, and Canada. The National Cyber Power Index, compiled by researchers at the Belfer Centre for Science and International Affairs, also affirms the US as the leading cyber power worldwide.

Julia Voo, the lead researcher of the aforementioned index, observes a battle of narratives unfolding in cyberspace. Governments now question which entities are acting responsibly or irresponsibly in the realm of cyber-attacks. She contends that compiling a list of APT hacking groups while pretending Western counterparts do not exist is an inaccurate portrayal of reality.

Another factor contributing to the scarcity of information on Western cyber-attacks could be their stealthier nature, resulting in less collateral damage and a lower profile. Unlike the more aggressive and widespread attacks associated with nations like Iran and Russia, Western nations tend to conduct cyber operations with greater precision and strategy. Consequently, Western cyber operations generate less attention and noise.

Trust, or lack thereof, also plays a role in the limited reporting on Western cyber-attacks. It is relatively easy to dismiss hacking allegations made by Russia or China due to the frequent absence of compelling evidence. However, when Western governments point fingers, they seldom provide concrete proof to substantiate their claims.

Additionally, lucrative contracts from Western governments, such as the UK or US, serve as significant revenue sources for many cyber-security companies. As a result, the interests and needs of these customers heavily influence the cyber-security intelligence sector. While volunteers contribute to platforms tracking threat-actor activities across the globe, certain tabs, such as "NATO" APTs, remain sparsely populated compared to those representing other regions and countries.

In summary, the scarcity of information regarding Western cyber-attacks is a complex matter influenced by the strategic and precise nature of their operations, the battle of narratives in cyberspace, and the interests of the cyber-security industry. As the dynamics of cyber-warfare evolve, governments around the world continue to question and scrutinize cyber activities, seeking to define responsible behavior in this ever-expanding domain.
