Iran and North Korea: New kids on the (cyber-warfare) block
Iran and North Korea: New kids on the (cyber-warfare) block

In its 77-page ‘Global Threat Intel' report published on Tuesday, US-based security firm CrowdStrike detailed everything from increasing cyber-espionage and the rise of sophisticated ransomware to Lizard Squad, cyber-enabled warfare and Chinese, Russian and Iranian threat actors.

On the latter, the report, perhaps unsurprisingly, came to the conclusion that China and Russia are the most sophisticated as far as cyber-operations are concerned.

“China-based adversaries continued to be the most prolific in the targeted intrusion space, but public reporting on a number of actors linked to Iran and Russia show the breadth of the threat from targeted intrusion operators.

“China is, by now, well known for conducting cyber-espionage campaigns focused on accessing intelligence about intellectual property, mergers and acquisitions, and technologies highlighted in its Five-Year plans. Targeting these technologies and strategic business information allow its domestic companies to rapidly make “leap frog” developments, and to benefit from favourable bargaining positions, thus elevating them to become global leaders.”

The report further notes: “This behaviour is expected to continue in 2015, as will continued targeting of foreign government entities in an attempt to access information related to the global strategy and plans of these countries.”

CrowdStrike says that there are now as many as 39 state-sponsored and nationalist adversaries carrying out this kind of surveillance, and adds that countries are beginning to see the value of “collecting intelligence in the information domain”.

China is allegedly putting this intelligence to good effect, even watching Russia because it is working closely with Putin.

“One of the primary reasons for this increase in Russian targeting by China-based adversaries is likely that ties between China and Russia have recently been growing stronger,” it reads, citing the £262 million (US$ 400 million Russia gas deal,  the construction of a bridge between the countries and the use of a part of eastern Russia. They also revealed a plan to set up GPS ground stations in each other's countries.

Russia is not far behind with targeted campaigns such as Energetic Bear, Fancy Bear and Venomous Bear, while Iran and North Korea are expected to close the gap in the years to come.

Considering what could happen in the coming year, researchers at the endpoint protection firm said of North Korea's activity: “CrowdStrike Intelligence predicted that North Korea might use its cyber-operations to project power during 2014. That prediction came to fruition when a North Korean adversary attacked Sony because of one of the studio's movies that North Korea perceived as an act of war.”

Iran ‘spied' on UK and US

Iran is also being closely watched. The country signed the delayed Joint Plan of Action (JPOA) agreement with an intergovernmental negotiation body consisting of China, France, Russia, UK, US and Germany, to reduce its stockpile of enriched uranium.

“The JPOA could be a driver or tipping point for future cyber-attacks by Iran against western targets. Iran has publicly noted the understanding that negotiations can be influenced and has demonstrated historically that it is willing (and has capabilities) to conduct cyber-operations to influence negotiations if it sees fit to do so.”