
State cyber power: when national interests become a digital threat
The reality: State-affiliated hacker groups have long been part of the geopolitical order
Cyber attacks are no longer the work of individual actors. State-supported hacker groups play a central role in today's threat situation. Security experts speak of the "Big Four":
- China
- Russia
- Iran
- North Korea
All four countries have massively expanded, professionalized and often legally legitimized their cyber capabilities in recent years. This is not just about espionage or sabotage, but also about economic advantages and geopolitical influence.
China: cyber warfare on the quiet
With over 240 documented attacks in Austria in 2023 alone, China was the frontrunner among suspected state-sponsored attackers. What distinguishes Chinese tactics is their reliance on persistence, stealth and targeted data espionage. Attacks are planned and executed over the long term via specialized units, private service providers and a specially established cyber security center in Wuhan.
A leak of internal documents (the "I-Soon leak") revealed that data is deliberately exfiltrated in small quantities in order to circumvent security mechanisms and stay under the radar. Particularly critical: under Chinese law, discovered zero-day vulnerabilities must first be reported to the government, not to the manufacturer. This is a deliberate departure from international standards, with the aim of potentially using exploits for offensive purposes.
Russia: sabotage, disruption, disinformation
Russia is pursuing a much more aggressive cyber strategy. The focus is clearly on symbolic attacks, for example on energy suppliers or political institutions. In 2023, 158 Russia-related cyber attacks were registered in Austria.
State-affiliated groups such as "Sandworm", part of the Russian military intelligence service GRU, have been operating with great precision for years. One well-known example is the attack on the Ukrainian power grid. Russia also offers a digital environment in which private cyber criminals can move and operate freely. Ransomware groups such as "Lockbit" benefit from this lawless space.
Iran: cyber power through sanctions
Iran has been investing in cyber capabilities since its nuclear program was compromised by Stuxnet in 2010. Today, the Islamic Republic is one of the most active players in global cyberspace. The aim is often to circumvent Western sanctions and gain access to militarily relevant information.
In 2023, over 100 cyberattacks of Iranian origin were observed in Austria. The attacks often target space and satellite projects, defense companies or critical infrastructure.
North Korea: cybercrime as a source of income
North Korea is a special case: here, cybercrime is officially used to finance the state. According to the United Nations, over 1.2 billion US dollars were generated through cyber theft, including to finance the North Korean nuclear program.
The focus is on attacks against crypto exchanges and financial service providers. Targeted phishing campaigns, supply chain attacks and malware infiltrated via manipulated domains are typical.
Recommendations for action: How companies can arm themselves against state-motivated attacks
To survive in this new threat context, you need more than traditional IT security measures:
- 🛡️ Introduce cyber threat intelligence
  Understand who is attacking - and how. Information on state attack groups and their tactics is crucial for prevention.
- 🛡️ Establish a Zero Trust architecture
  Trust is a thing of the past - today, the rule is: verify before access is granted. For systems, users and services alike.
- 🛡️ Increase supply chain security
  Attacks often come indirectly - for example via external service providers or outdated components in the chain.
- 🛡️ Incident Detection & Response (XDR / MDR)
  Detect attacks in real time, respond quickly and minimize damage with automated systems and partners with 24/7 Security Operations Centers.
- 🛡️ Strengthen security awareness programs
  With social engineering and spear phishing in particular, all it takes is a single click and the attacker is in.
CANCOM Austria