Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.
Cyber warfare was brought into focus when the suspected US/Israeli Stuxnet virus infected the computers at an Iranian nuclear weapon plant. How Stuxnet got into the facility is still unknown to this day. The computers at the plant weren’t connected to the internet, but the virus could have been introduced in a Wi-Fi tablet, a thumb drive, by a human agent, or in a chip built into a component. However, when it activated, it took over the processing plant and ordered the centrifuges used to enrich uranium to spin out of control and destroy themselves.
Cyberwarfare is emerging as the next frontier of war. States target the enemy’s energy sources, electricity grids, health systems, traffic control systems, water supplies, communications and sensors through cyber warfare. For instance, the cybersecurity systems of Ukraine and Iran came under attack recently.
When Russian troops invaded on February 24, a cyber attack was launched at over 10,000 satellite internet modems that are part of the American satellite firm Viasat’s network in Ukraine and other parts of Europe. Traced by the US, British, and EU governments to Russia, this attack was followed on March 1 by widespread cyberattacks on Kyiv-based media at the same time a missile struck Kyiv’s television tower.
A few days later, an unidentified Ukrainian nuclear power company, as well as media firms and government offices, was the target of a cyber attack. This is according to Microsoft, which was monitoring Ukraine’s cybersecurity situation. On April 12, the Ukrainian government reported a failed attack on the power grid by Sandworm malware, a variant of Industroyer 2, aimed at causing a power blackout.
In addition to these incidents, financial services, border control stations, and even the internet infrastructure were attacked, disrupting banking services, causing power outages, and interfering with the distribution of medicines, food and relief supplies. There were even phishing attacks on the government and military, as well as the detection of surveillance software on various networks that stole information from the government and private citizens regarding social media and banking transactions. Another common form of attack was Distributed Denial-of-Service (DDoS) campaigns against telecommunications companies.
In January 2022, hackers defaced dozens of government websites in Ukraine, a technically simple but attention-grabbing act that generated global headlines. More quietly, they also placed destructive malware inside Ukrainian government agencies, an operation first discovered by researchers at Microsoft. It’s not clear yet who is responsible, but Russia is the leading suspect.
But while Ukraine continues to feel the brunt of Russia’s attacks, government and cybersecurity experts are worried that these hacking offensives could spill out globally, threatening Europe, the United States, and beyond. In March 2022, the White House issued its starkest warning yet that “evolving” intelligence indicates Moscow is planning major cyber operations against the United States in retaliation for the economic penalties that the country has imposed on Russia for its invasion of Ukraine. It may only be a matter of time before these warnings become a reality.
Moscow’s seizure of the Crimea Peninsula, perceived Russian military support of separatist rebels in eastern Ukraine, and Western retaliation through sanctions on Russian interests have resulted in heightened tensions between Washington and Moscow, with their relations reaching their lowest point in decades. Recent reports also cite intensified cyber warfare activities against each other, which have been going on since the last decade. In Russia, the battery of economic sanctions has incentivized cyber espionage activities to steal the information of pharmaceutical, defense, aviation, and petroleum companies.
June 13th 2021, Carbis Bay, Cornwall: G7 Leaders demand that the Russian government takes action against people conducting cyber-attacks against western interests from within its borders. Moscow must stop its ‘destabilising behaviour and malign activities’, the joint missive reads. Two weeks before G7, a White House press briefing suggested that President Biden hadn’t ruled out taking retaliatory action against Russia, for alleged state-sponsored cyber attacks on US industry. This came after hackers (apparently based in Russia) got into the computer networks of meat packing firm JBS, and Colonial Pipeline, which supplies gasoline from Texas to New Jersey. The hackers threatened to cause disruption or delete files unless a ransom in cryptocurrency was paid. JBS subsequently paid out $11m to protect its systems, Colonial $4.4m.
President Putin has denied all such criticisms of his government, calling Western accusations ridiculous and absurd. Russian officials have also accused the USA of interfering in governmental processes around the world and carrying out cyber attacks in Russia and Iran.
Many significant cyberattacks in the military and civil spaces have occurred in recent months. APT41, a Chinese state-sponsored hacking group, allegedly hacked into six US state governments between May 2021 and February 2022.
Another Distributed Denial of Service (DDoS) attack in the preceding month was the cyber-attack on Israeli government websites. While the government has said this was the cyber-attack Israel has faced, investigations are yet to determine the source of the attack.
Similarly, a targeted cyber-attack campaign on Russian research institutes was discovered in June 2021. The target was research institutes under the Rostec Corporation, whose primary expertise is the research and development of highly technological defence solutions.
In 2014, computer security firm Symantec discovered computer malware called “Regin”, probably run by a western intelligence agency and deployed against internet service providers and telecoms companies, mainly in Russia and Saudi Arabia as well as Mexico, Ireland and Iran. The malware has the ability to steal passwords, monitor Internet traffic and recover deleted files once it is installed, the security research firm said. The malware is in some respects more advanced in engineering terms than Stuxnet, which was developed by US and Israel government hackers in 2010 to destroy one-fifth of Iran’s centrifuges for uranium purification.
A new joint effort by NATO members, the European Union, Australia, New Zealand and Japan will call out and confront the threat posed by Chinese state-sponsored cyberattacks. The nations will share intelligence on cyberthreats and collaborate on network defenses and security, said a senior Biden administration official. The group will publicly blame China’s Ministry of State Security for a massive cyberattack on Microsoft Exchange email servers earlier this year. The brazen Microsoft Exchange server attack became public in March and is believed to have hit at least 30,000 American organizations and hundreds of thousands more worldwide. In July 2021, the FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency released a new advisory listing 50 tactics, techniques and procedures that Chinese state-sponsored hackers employ.
For now, the multinational cybersecurity effort is focused on cooperative security and threat alerts, and not on retaliation. The White House has raised the Microsoft attacks with senior members of the Chinese government, “making clear that the [People’s Republic of China] actions threaten security, confidence, and stability in cyberspace,” said the senior official.
Military tensions have increased over the past year between China and rival powers including the United States and India, with flashpoints like the Himalayan border, Taiwan and the South China Sea. China’s military budget — the second largest in the world after the US, though still less than a third of Washington’s — is set to increase by 6.8 percent in 2021, the finance ministry announced in March.
In India, researchers detected a new ransomware that made its victims donate money to the needy. However, this ransomware, called Goodwill, also acts maliciously by causing temporary or even permanent loss of company data and the possible closure of a company’s operations and finances.
The attack on India’s power grid was along similar lines. A 2021 report by the cybersecurity company Recorded Future describes a sophisticated cyber campaign by Chinese agents aimed at Indian targets. The report outlines how a Chinese state-supported group – dubbed Red Echo – managed to install malware in India’s critical civilian infrastructure, including electric power organizations, seaports, and railways. Recorded Future’s report is clear in its conclusion that Red Echo’s cyber intrusions are directly linked to the Sino-Indian conflict along the mountainous northern border. Rather than targeting military infrastructure, the Chinese attackers deliberately chose to strike civilian infrastructure.
India is positioned amongst third-tier countries on a spectrum of cyber warfare capabilities. This position has been allocated based on criteria ranging from the strength of the country’s digital economy and the maturity of its intelligence and security functions to how well cyber facilities are integrated with military operations. In this same ranking, the US is the only top-tier country, with China and Russia hot on its heels.
Engaging in cyber warfare makes it less risky for nations to attack each other, if risk is counted in terms of loss of life and physical damage to buildings and infrastructure, that is. “It’s the cheapest and easiest form of warfare ever,” says Professor Steve Andriole, an expert in business technology from Villanova University in the USA.
To date, at least according to the information publicly available, India has not responded to these attacks. A retaliatory, offensive cyber campaign targeting Chinese critical civilian infrastructure could set off a tit-for-tat sequence of events and fuel an escalation spiral in the cyber domain and beyond.