Google Threat Intelligence Group have released a report this week on the threat cyber crime poses to national security.
The report highlights why policymakers should be taking the cyber criminal threat just as seriously as operations conducted by nation states. It details how nation-states are increasingly co-opting cybercriminal groups and tactics to advance their geopolitical and economic agendas.
It also looks at the deep societal impact of cyber crime, from economic destabilisation to its toll on critical infrastructure, including healthcare. The report details how cyber crime has evolved into a destabilising force that threatens national security, shedding light on how the four nations are using cyber crime as a resource and for profit.
Russia, China and Iran have all drawn on cybercrime to enable their state-backed espionage operations. In addition, Iran and Chinese espionage groups have deployed ransomware to supplement their income. Finally North Korea now primarily conducts operations with financially motivated objectives, gathering money to support the regime.
“The vast cyber criminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read, senior manager at Google Threat Intelligence Group. “These capabilities can be cheaper and more deniable than those developed directly by a state. These threats have been looked at as distinct for too long, but the reality is that combating cyber crime will help defend against state-backed attacks.”
Cybercrime tools fuel Russia’s operations in Ukraine. Faced with operational pressures and resource constraints following their invasion of Ukraine, Russia has mobilised its cyber criminal community for tools and manpower to conduct espionage and disruptive operations.
China blurs the lines. Leveraging financially motivated cyber operators to both obscure and enhance its state-sponsored espionage, with groups like APT41 mixing ransomware deployment with intelligence collection.
Iran’s operations are cash-centric. Economic pressures spurred by Iran’s declining economy may be the driving force behind some Iranian threat actors using ransomware and hack-and-leak operations.
Cryptocurrency heists are DPRK state policy. Focusing on the cryptocurrency sector and blockchain-related platforms, these heists are planned to directly fund North Korea’s missile development programs, nuclear ambitions, and the wider operational costs of the regime, all while evading international sanctions.
Cyber crime has social costs. When hospitals are locked out of critical systems, patient care suffers. When power grids are disrupted, entire communities are left vulnerable. The effects of cyber crime extend far beyond stolen money or data breaches; they erode public trust, destabilise essential services, and, in the most severe cases, cost lives.
Urgent action is required. The growing convergence of cyber crime and state-sponsored hacking demands robust action on par with the threat posed by nation-state adversaries. Tackling this challenge requires a new and stronger approach that recognises the cyber criminal threat as a national security priority requiring international cooperation.
“Cyber crime has unquestionably become a critical national security threat to countries,” said Google Threat Intelligence VP Sandra Joyce. “The marketplace at the centre of the cyber crime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption. Unfortunately, many of our actions have amounted to temporary inconveniences for these criminals, but we can’t treat this like a nuisance and we will have to work harder to make meaningful impacts.”
You can read the full report here.
