The Impact of Geopolitics on Cybersecurity in 2024 and Beyond

Kinetic wars involving global cyber powers in two regions. Missile and drone attacks on shipping containers in the Red Sea. Threats to democratic control of an island where the world’s stock of artificial intelligence microchips is made. This is geopolitical risk in 2024.

Geopolitical tension is rising around the world, and the consequences of those strained relations are increasingly spilling over into cyberspace. Private-sector enterprises, critical infrastructure operators, and government agencies worldwide would be wise to prepare for an uptick in nation-state-backed cyberattacks, according to experts I spoke with last week during a speaking session at RSA Conference 2024.

What specifically should cybersecurity leaders expect from Russia, China, and Iran in 2024 and beyond? To anticipate these threats, it helps to understand each country’s cyber strategy and objectives, but in short, security leaders should prepare for more of everything: disruptive cyberattacks, ransomware, IP theft, and election interference.

Panelists from left to right: Sarah Cleveland, Lior Div, Dr. Bilyana Lilly

Russian Cyber Threats

Dr. Bilyana Lilly, CISSP, the author of Russian Information Warfare and Chair of the Resilience Track for the Warsaw Security Forum, says Russia has two objectives for its cyber operations against the US and other countries.

First, Russia seeks to damage the technology and digital infrastructure of its adversaries, which is a technical objective. Second, Russia aims to erode and manipulate the decision-making power of its adversaries as well as affect the minds and behavior of US and other citizens. This is a psychological objective that encompasses everything from mis- and disinformation campaigns to assassinations and coups d’etat.

While Russia has promised to retaliate against the US for supporting Ukraine in the ongoing war with Russia, Dr. Lilly notes that the US has yet to experience a series of coordinated, large-scale Russian cyberattacks for three main reasons:

1. Russia’s priority is winning the war in Ukraine. Russia’s offensive cyber resources continue to be tied up with the conflict in Ukraine. Once Russia definitively wins or loses the war, they’ll be able to focus their cyber operations on the US.
2. Russia is still dealing with a cyber brain drain. Around half a million Russians left the country following the invasion, including 10% of Russia’s IT labor force. When they can rebuild this talent pool, which they are actively doing by training high school students on how to attack US critical infrastructure, they’ll be better positioned to retaliate against the US.
3. Russia faces a technology shortage. The GRU, FSB, and SVR rely on western technology, but many western technology companies that manufacture hardware and satellite technology left Russia after the invasion of Ukraine. Russia is working around this obstacle by buying what it needs from China and trying to restart its indigenous IT production.

When Russia overcomes those three obstacles, Dr. Lilly believes Russia will turn its attention to US critical infrastructure.

Lior Div, a former nation-state hacker and world-renowned expert in offensive and defensive cybersecurity, believes the Russian threat may be more imminent. Div, a two-time cybersecurity startup CEO and co-founder, says that the breach disclosed by Microsoft in January 2024 and attributed to Nobelium, a threat actor with ties to the Russian Foreign Intelligence Service, also known as the SVR, signals the Russian government’s resurgence as a formidable cyber threat to US organizations.

The People’s Republic of China (PRC) Cyber Threats

Compared to Russia, China’s overall cyber and information strategy is simpler and more transparent, according to Div. He notes that it supports “Made in China 2025,” a 10-year strategic plan that China issued in 2015 to develop its dominance in 10 industries, including information technology and telecommunications, advanced robotics and artificial intelligence, aerospace engineering, alternative energy vehicles, bio-medicine and medical devices. Ultimately, China’s goal is to establish its independence from the West. With Made in China 2025 in mind, the motivation for the PRC’s hacking campaigns becomes clear: cyber espionage and intellectual property theft.

Div observes that it’s rare to see ransomware attacks originating from Chinese nation-state threat actors. Instead, state-sponsored actors prefer to maintain a presence on organizations' networks for as long as possible to collect as much information as they can. At this point, Div says China has collected more information than it can currently use, including encrypted data. However, China believes that when quantum computers become available, the government will be able to decrypt and use this data.

Iranian Cyber Threats

Iranian cyber operations have historically been conducted through affiliate groups, says Div. These groups conduct espionage and destructive operations, like the 2012 compromises of Saudi Aramco and RasGas. These affiliates make it harder to attribute cyberattacks directly to Iran. As Div describes, “cyber is an elegant enough tool to create this separation.”

But Iran’s strategy may be shifting following its unprecedented kinetic attack on Israel in April. While Iran is still using affiliates in its cyber operations, Div warns that this could change and warrants close attention.

Partnerships of Convenience

As these nation-states grow increasingly bold, it raises questions about the extent to which they’ll collaborate with one another. While Dr. Lilly and Mr. Div say collaboration is possible, it’s likely that any cooperation will be limited to areas where their goals and agendas align.

Lilly adds that the relationship between these nation-states has historically been more competitive than collaborative. She notes that Russia and Iran have a history of hacking and impersonating each other. For example, after the Russian-linked group Turla stole hacking tools from Iranian-linked OilRig, Iranian hackers impersonated Russia around the US 2020 elections as part of their “Enemies of the People” campaign.

Meanwhile, Chinese officials have a history of learning from Soviet military academies, including what we now refer to as psychological operations, Dr. Lilly says. Despite the deepening relationship between Russian and China due to the war in Ukraine, China seems to still see Russia as a target for theft of military technology, including a 2022 attempt to steal data on satellite technology, radar, and electronic warfare from Russian military academies. Dr. Lilly says it’s possible we’ll see Russia and China collaborate militarily (in Taiwan) as well as in a cyber capacity (acting against US critical infrastructure), despite the environment of distrust between the two regimes.

Listen to a recording of the whole discussion here, or in the video below.