There has been a rise in cases of countries launching attacks on the telecommunication hardware of rivals or neighboring nations and stealing client data.
According to a report released by American cybersecurity firm CrowdStrike, although several countries provide lip-service to curbing their clandestine cyber activities, they have actually increased their cyber espionage operations and combined them with financially motivated fraud.
Cybercrime actors also demonstrated new-found flexibility, forming and breaking alliances and quickly changing tactics mid-campaign to achieve their objectives, the report added.
The report stated that in 2018 nation-state adversaries were continuously active – targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers.
North Korea remained active in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach. Iran maintained a focus on operations against other Middle Eastern and North African countries, particularly regional foes across the Gulf Cooperation Council (GCC).
As for China, CrowdStrike observed a significant rise in US targeting, likely tied to increased tensions between the two countries.
Russian adversaries were active across the globe in a variety of intelligence collection and information operations. Other nation-state adversaries tracked by CrowdStrike but not prominently featured in this report include: Adversaries linked to Pakistan and India maintained an interest in regional affairs with a rise in activity on the Indian subcontinent.
The report said many China-based groups were linked to telecom targeting. It claimed there had been incidents that demonstrated a specific interest in using telecom access or lures to enable operations against government sector targets in Asia, and such attacks are on the rise.
CrowdStrike claimed that throughout 2018, several targeted intrusions with a focus on the telecommunications sector had taken place. They directly target organizations in the telecom sector, compromise vulnerable telecom equipment and use lures to reference telecom services. “This trend likely supports state-sponsored espionage actors as they seek to gain access to a broad customer base that relies on telecom services,” the report added.
The report concluded that both China and Russia would continue to use cyber capabilities to gain situational awareness of neighboring states and rivals located far away.
In 2019, targeted intrusion adversaries would continue to conduct campaigns as part of their nation-state’s national strategies. China, Russia, Iran and North Korea were seeking geopolitical prominence, both in their respective regions and internationally, and they will use their cyber capabilities to attain and maintain situational awareness of their neighbors and rivals.
In these campaigns, the government, defense and NGO sectors will continue to be in the cross-hairs. The targeting of telecommunications and other managed service provider sectors will provide support in these campaigns.