As NATO leaders convene in Washington, D.C. for the organization’s 75th Anniversary summit, a hidden war rages on – a relentless campaign of cyberattacks targeting the Alliance and its members.
This threat landscape is not merely a static backdrop, but a dynamic battlefield where adversaries employ a growing arsenal of tactics, from stealthy espionage to disruptive cyberattacks and disinformation campaigns, a report from Google-owned cybersecurity firm Mandiant said.
Espionage Actors Set Their Sights on Alliance Secrets
Nation-state actors like APT29 (ICECAP), attributed to Russia’s SVR intelligence service, are notorious for targeting NATO members. These actors excel at compromising networks, often through social engineering or exploiting zero-day vulnerabilities, to steal sensitive political, diplomatic, and military intelligence. Their ability to operate undetected within compromised environments makes them particularly troublesome adversaries, Mandiant said.
China’s cyber espionage efforts have also become more sophisticated, transitioning from loud operations to stealthier techniques. These actors exploit network edges and leverage complex infrastructure like operational relay box networks to mask their activities and hinder detection. Additionally, they increasingly rely on “living off the land” techniques, using legitimate system tools for malicious purposes, further complicating defenders’ ability to identify intrusions.
Beyond Espionage: Disruptive and Destructive Attacks
Disruptive and destructive cyberattacks pose a direct threat to NATO’s operational capabilities. Iranian and Russian actors have demonstrated a willingness to launch such attacks, often masking their involvement behind hacktivist groups. For instance, the destructive 2022 attack on Albania, initially attributed to “HomeLand Justice” hacktivists, was later linked to Iranian state actors. These incidents highlight the growing risk of attacks targeting critical infrastructure that could cripple essential services for NATO members.
Hacktivists and criminal actors further complicate the threat landscape. The global resurgence of hacktivism, fueled by geopolitical flashpoints like the Ukraine war, has resulted in a surge of attacks against NATO members. While these operations often lack sophistication and lasting impact, they can garner significant media attention and sow discord. Additionally, some hacktivist groups, like the pro-Russian Cyber Army Russia Reborn (CARR), are experimenting with more disruptive tactics, targeting critical infrastructure such as water supplies.
Financially motivated cybercrime, particularly ransomware attacks, pose a significant threat to critical infrastructure across NATO states. Healthcare institutions have become prime targets, disrupting patient care and highlighting the potential for widespread societal consequences. The ability of cybercriminals to operate with impunity from lax jurisdictions and the lucrative nature of ransomware attacks suggest this threat will only escalate.
Disinformation: A Weapon to Sow Discord
Information operations, encompassing social media manipulation and complex network intrusions, have become a hallmark of modern cyberwarfare. Russian and Belarusian actors have heavily targeted NATO with disinformation campaigns aimed at undermining Alliance unity and objectives. These efforts range from social media manipulation by “troll farms” to the coordinated leaking of stolen information.
In fact, on the same day as Mandiant released this report, the U.S. Department of Justice disrupted a Russia-run AI-enabled Twitter disinformation bot farm. Almost 1,000 accounts were seized. These bots masqueraded as Americans and promoted Russian government narratives.
Countering such campaigns requires collaboration between governments and the private sector, with tech giants like Google actively removing malicious content and disrupting information operations.
A Collective Defense is Paramount
A senior NATO official on Tuesday during the NATO Summit said Russia can sustain its war economy for 3-4 more years. “Ultimately, we all have to be prepared to continue to support Ukraine well beyond 2025. This is certainly something that we all understand very well,” the official added.
The cyber threat landscape facing NATO is vast and ever-evolving. Unlike traditional warfare, cyberattacks can persist irrespective of broader geopolitical tensions. The war in Ukraine has undoubtedly emboldened reckless cyber activity against NATO allies, highlighting the need for a collective defense strategy. To effectively counter these threats, NATO must leverage the technological expertise of the private sector and foster strong partnerships with its member states. Only through a united front can the Alliance seize the initiative in cyberspace and secure its future.
