For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this realm of “espionage” relied heavily on human intelligence, but that started changing in the early 1890s with the advent of technologies like the telegraph, telephone phone and subsequently radio signals intelligence (SIGINT). However, in today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike, marking a significant evolution in espionage for the 21st century. 

Six advantages of cyber operations 

Cyber capabilities are highly valuable for nation-states pursuing political, economic, and military goals, offering significant advantages at a relatively low cost in terms of resources and risk.

Cyber operations can be stealthy, allowing for undetected access to target systems for data harvesting or covert activities, as seen in incidents like SolarWinds.
They can also be loud and disruptive or destructive, as evidenced in conflicts in Ukraine and the Middle East.
Cyber means are manipulative, useful for influencing scenarios, and increasingly deployed across most continents.
They are lucrative for financial gain, as demonstrated by activities attributed to North Korea, financing its military program through ransomware campaigns.
They can be outsourced by encouraging third-party operations as mercenaries or hacktivists willing to undertake these attacks in exchange for money or even for political goals and beliefs.
And they have a high degree of deniability, as it can take time (including overcoming obfuscation techniques) to trace the origin of an attack with absolute confidence. 

The cyber domain is also blessed with a variety of tactics, tools, and techniques, buoyed by a thriving dark web market and an endless array of vulnerabilities to be exploited. Moreover, the lack of significant deterrence or punishment for cyber activities adds to its attractiveness for nation-states. 

Global cyber operations and evolving tactics of major nations 

The increasing appeal of cyber capabilities among nations is evident, with many striving to maximize their cyber potential. Russia, China, Iran, and North Korea are frequently mentioned for their malicious cyber activities. It is said all countries spy, but some are viewed as going beyond accepted norms. 

China, in particular, has been utilizing cyber’s unique capabilities extensively. Intelligence agencies from the Five Eyes nations continually warn about the widespread activities of China-aligned groups affecting every continent. Most recently this alliance highlighted the scale and sophistication of China’s intellectual property theft and expertise acquisition, which was described as unprecedented.

Russia, amidst its focus on Ukraine for disruption and destruction, also engages in cyberespionage globally with Europe particularly in its crosshairs. Russia is also alleged to have conducted influence campaigns in Africa, targeting governments with close Western ties and seeking to undermine governments elsewhere that are less supportive of the Russian government.

North Korea-aligned groups remain focused on acquiring defense-related technologies, generating revenue through ransomware, and conducting espionage, especially in Asia. The Lazarus group is probably the most infamous of North Korean aligned hackers, including an alleged attack on a Spanish aerospace firm

Iran-aligned groups are expanding their capabilities and reach, extending beyond their traditional focus on the Middle East, particularly targeting Israel.

Beyond these well-known actors, an ever-increasing number of states are developing their own capabilities to conduct cyber operations beyond their borders or target foreign entities, including embassies, international organizations, companies, and individuals, within their own countries. For instance, the alleged Belarusian group MoustachedBouncer is believed to be able to access a Belarusian telecommunication operator to conduct a “man in the middle” attack on foreign entities within Belarus. 

But when in-house capability is insufficient, or to enhance deniability, some nations resort to the private sector and cyber mercenaries. The number of nations involved in cyber operations could conservatively be over 50 and is growing globally. In fact, according to CERT-EU, there have been 151 malicious activities of interest targeting EU institutions, including by Turkey-aligned and Vietnam-aligned groups. This global trend underscores the growing significance and evolution of the threat landscape. 

A window into a complex world 

Activities in cyberspace are glimpses into the complexities of geopolitics, and often attacks can only be understood through the lens of political intent. The world’s three great powers are locked in a contest for influence, prosperity, and power. In most regions, there are live conflicts, simmering tensions, political, security, and economic challenges. In this climate of instability, heightened competition, often disillusioned populations, and in a more digitally connected world, cyber is an extremely convenient tool for states to deploy. It is rare nowadays when bilateral disputes do not involve some form of cyber dimension either from state actors, their proxies, or aligned/influenced hacktivists. Whilst some contests in cyberspace between nations are predictable, bilateral spats can also erupt without warning. 

Securing agreement on binding international norms of reasonable state behavior in cyberspace seems unrealistic in the medium term despite efforts by the UN. Faced with this uncomfortable reality, the need for greater international cooperation, policy frameworks, and awareness campaigns to manage and mitigate the risks associated with these malicious activities is becoming more pressing than ever. Building resilience will require a holistic, society-wide approach, as the cyber domain is set to remain a pivotal battleground in an increasingly restive world.