State cyber power: when national interests become a digital threat

The reality: state-affiliated hacker groups have long been part of the geopolitical order

Cyber attacks are no longer the work of individual actors. State-supported hacker groups play a central role in today's threat situation. Security experts speak of the "Big Four":

• China
• Russia
• Iran
• North Korea

All four countries have massively expanded, professionalized and often legally legitimized their cyber capabilities in recent years. This is not just about espionage or sabotage, but also about economic advantages and geopolitical influence - a veritable cyber war in the digital space.

China: cyber warfare on the quiet

With over 240 documented cyberattacks in Austria in 2023 alone, China was the frontrunner among suspected state-sponsored attackers. What is special about the Chinese cyber strategy is that it relies on longevity, stealth and targeted data espionage. Attacks are planned and executed over the long term via specialized units, private service providers and a specially established cyber security center in Wuhan.

A leaked leak ("I-Soon leak") revealed that data is deliberately leaked in small quantities in order to circumvent security mechanisms and remain under the radar. Particularly critical: according to the law, discovered Zero-day vulnerabilities must first be reported to the government - not the manufacturer. This is a deliberate departure from international standards with the aim of potentially using exploits for offensive purposes.

Russia: sabotage, disruption, disinformation

Russia is pursuing a much more aggressive cyber strategy. The focus is clearly on symbolic attacks, for example on energy suppliers or political institutions. In 2023, 158 Russia-related cyber attacks were registered in Austria.

State-affiliated groups such as "Sandworm", part of the Russian military intelligence service GRU, have been operating with great precision for years. One well-known example is the attack on the Ukrainian power grid. Russia also offers a digital environment in which private cyber criminals can move and operate freely. Ransomware groups such as "Lockbit" benefit from this lawless space.

Iran: cyber power through sanctions

Iran has been investing in cyber capabilities since its nuclear program was compromised by Stuxnet in 2010. Today, the Islamic Republic is one of the most active players in global cyber warfare. The aim is often to circumvent Western sanctions and gain access to militarily relevant information.

In 2023, over 100 cyberattacks of Iranian origin were observed in Austria. The attacks often target space and satellite projects, defense companies or critical infrastructure.

North Korea: cybercrime as a source of income

North Korea is a special case: here, cybercrime is officially used to finance the state. According to the United Nations, over 1.2 billion US dollars have been generated through cyberattacks, including to finance the North Korean nuclear program.

The focus is on attacks against crypto exchanges and financial service providers. Targeted phishing campaigns, supply chain attacks and malware that is infiltrated via manipulated domains are typical.

Recommendations for action: How companies can arm themselves against state-motivated cyber attacks

In order to survive in this new threat context, more than traditional IT security measures are needed. Companies must critically review and adapt their own cyber strategy:

1. 🛡️ Introduce cyber threat intelligence
   Understand who is attacking - and how. Information on state attack groups and their tactics is crucial for prevention.
2. establish 🛡️Zero Trust architecture
   Trust is a thing of the past - today, the rule is: verify before access is granted. For systems, users and services.
3. 🛡️Supply Increase chain security
   Attacks often come indirectly - for example via external service providers or outdated components in the chain.
4. 🛡️Incident Detection & Response (XDR / MDR)
   Detect attacks in real time, respond quickly and minimize damage with automated systems and partners with 24/7 Security Operations Centers.
5. 🛡️Security Awareness programs strengthen
   With social engineering and spear phishing in particular, all it takes is a single click and the attacker is in.

Recommendations for action: How companies can arm themselves against state-motivated cyber attacks

In order to survive in this new threat context, more than traditional IT security measures are needed. Companies must critically review and adapt their own cyber strategy:

1. 🛡️ Introduce cyber threat intelligence
   Understand who is attacking - and how. Information on state attack groups and their tactics is crucial for prevention.
2. establish 🛡️Zero Trust architecture
   Trust is a thing of the past - today, the rule is: verify before access is granted. For systems, users and services.
3. 🛡️Supply Increase chain security
   Attacks often come indirectly - for example via external service providers or outdated components in the chain.
4. 🛡️Incident Detection & Response (XDR / MDR)
   Detect attacks in real time, respond quickly and minimize damage with automated systems and partners with 24/7 Security Operations Centers.
5. 🛡️Security Awareness programs strengthen
   With social engineering and spear phishing in particular, all it takes is a single click and the attacker is in.