July 8, 2024 at 02:28PM
Cyber threats against NATO are on the rise, with the primary adversaries being Russian and Chinese nation state actors, financially motivated criminal activity, and ideologically driven hacktivists. APT29, COLDRIVER, and APT44 are Russian state actors involved in cyber espionage and hybrid warfare. Chinese espionage has focused on using zero-day vulnerabilities and stealth techniques. Disinformation campaigns, hacktivism, and ransomware attacks have also increased, posing significant challenges for NATO.
Based on the meeting notes, the primary cyber threats facing NATO ahead of its Washington DC summit from July 9, 2024, to July 11, 2024 are from Russian and Chinese nation state actors, financially motivated criminal activity, and ideologically driven hacktivists. The primary political motivations behind these threats include cyber espionage and hybrid warfare, which involves spreading disinformation and attacking civil society to weaken public resolve and support.
Some specific threat actors mentioned in the notes are APT29, COLDRIVER, and APT44, all linked to Russian state actors. APT29 has been targeting technology companies and IT service providers as a route into government and policy organizations, as well as political parties in the US and Germany. COLDRIVER uses credential phishing against politically relevant targets and has targeted NATO countries and Ukraine to sow discord. APT44, known for disruptive cyberattacks, has been involved in attacks such as NotPetya, the attack on the Pyeongchang Olympic Games, and ransomware attacks against Poland and Ukraine. It has been highlighted that state actors, not limited to APT44 and Russia, are compromising the critical infrastructure of NATO members in preparation for future disruptions.
Chinese cyber espionage has transitioned from loud, easily attributable attacks to a greater focus on stealth, using zero-day vulnerabilities and operational relay box (ORB) networks to conceal espionage operations. There has also been an increased use of ‘living off the land’ techniques, which rely on tools already present on the victim system, to increase stealth. Notably, these approaches are not limited to China, as Russian actors have also used them.
Disinformation campaigns, hacktivism, and ransomware attacks have also been identified as significant threats, with the narratives propagated by these operations calling for NATO’s dismantlement and implying that the Alliance is a source of global instability.
Mandiant Intelligence emphasizes the need for NATO to rely on collaboration with the private sector to seize the initiative in cyberspace from its adversaries and draw on the strength of its constituent members to combat these cyber threats effectively.