As governments, businesses, and organizations increasingly rely on digital systems, cyberattacks have become more systematic and widespread. These coordinated attacks can disrupt a country’s operations just as much as a physical offensive, making it crucial to understand their possible impact.
With this in mind, researchers from vpnMentor examined cyber warfare incidents linked to four major geopolitical conflicts: Russia vs. Ukraine, North Korea vs. South Korea, Iran vs. Israel, and the United States vs. China.
The team examined records of the most notable incidents between these countries up to the first half of this year. For the research, they only considered incidents acknowledged by the victim countries or regarded as heavily motivated by geopolitical conflicts. Attacks suspected to be carried out or sponsored by governments allied with countries in conflict were also included.
Trends in State-Sponsored Cyberattacks
Politically motivated cyberattacks between rival countries have surged since the mid-2000s, with a notable spike in 2018. That year, Russia intensified its attacks against Ukraine, and Chinese hackers increased their activities against the United States. Although there was a temporary lull in 2019, cyber warfare incidents have risen since, with over 40 significant attacks recorded in 2022 and 2023.
Russia leads in the number of cyber warfare attacks, especially against Ukraine. In 2022, during the invasion of Ukraine, Russia allegedly sponsored at least 26 significant cyberattacks. However, other countries are also under siege. South Korea has faced a growing number of attacks since 2022, second only to Ukraine.
Target Sectors in Cyber Warfare
The primary targets of these cyberattacks include government institutions, the private sector, civil society, and military organizations. Attacks on civil society and the military rarely overlap because military targets are better protected against data breaches. Government and private sector infrastructures are the most frequent targets, as they can significantly impact citizens and official operations.
Espionage remains the most common type of attack (75% of all attacks), with fluctuating incidents over the years. Significant spikes were observed in 2011, 2014, and 2018. Espionage cases have increased steadily since 2019, often targeting civil society and the private sector.
Over two-thirds (68%) of espionage incidents affect civil society, the private sector, or both. The researchers said this suggests the privacy and security of citizens could be compromised as a result of hostilities between countries.
Major Geopolitical Conflicts
Russia vs. Ukraine
The conflict between Russia and Ukraine began in 2014 when Russia annexed Crimea and supported separatists in the Donbas region. Cyber warfare attacks from Russia initially focused on espionage but escalated into more destructive campaigns over time. Incidents worth mentioning include the 2017 NotPetya attack, which caused $10 billion in damage globally, and the BugDrop malware, which allowed hackers to eavesdrop on sensitive conversations.
Since Russia’s 2022 invasion of Ukraine, cyberattacks have increased dramatically. Russian hackers have focused on wiper malware, which corrupts or deletes files, targeting Ukrainian telecommunications, internet providers, and media outlets. Despite the increase in the number of attacks, their sophistication has declined compared to previous years.
Ukraine has also ramped up its cyber warfare efforts, launching Distributed Denial of Service (DDoS) attacks against Russian networks. The conflict has also drawn in other nations, with Belarus supporting Russia and Russian hackers targeting countries that support Ukraine, such as the United States.
North Korea vs. South Korea
The cyber conflict between North and South Korea dates back to the late 2000s when North Korea conducted DDoS attacks against South Korean and U.S. websites. Throughout the 2010s, North Korea focused on espionage, stealing military data, and compromising networks in multiple countries. By 2020, cyber hostilities had escalated, with North Korea’s Bureau 121, a cyber warfare unit, growing to over 6,000 personnel.
Recent attacks have targeted South Korea’s vital industries, including defense contractors and semiconductor manufacturers. A significant incident in 2024 saw North Korean hackers steal over one terabyte of data from a South Korean court computer. These activities are potentially linked to the threat of additional sanctions against North Korea.
Iran vs. Israel
The Iran-Israel conflict, often referred to as a proxy war, has seen both nations launch cyberattacks against each other and their allies. Israel’s 2010 Operation Olympic Games, which used the Stuxnet virus to damage Iran’s nuclear program, marked the beginning of cyber warfare between the two countries. Iran has invested heavily in its cyber capabilities, leading to retaliatory attacks.
Iran has launched more significant cyberattacks than Israel, targeting U.S. universities, Israeli utilities, and other critical infrastructure. In return, Israel has conducted disruptive attacks on Iranian ports and gas stations. In 2024, Iran-linked hackers claimed to have breached an Israeli nuclear facility, highlighting the ongoing cyber struggle.
United States vs. China
The cyber rivalry between the United States and China has been characterized by espionage, intellectual property theft, and interference in critical infrastructure. China has targeted U.S. businesses, government agencies, and even private citizens in its cyber campaigns. Meanwhile, the U.S. has focused on countering these threats and bolstering its cybersecurity defenses.
A Growing Threat
Geopolitical cyber warfare is a growing threat affecting governments, organizations, and citizens. The conflicts between Russia and Ukraine, North and South Korea, Iran and Israel, and the United States and China demonstrate the far-reaching impacts of state-sponsored cyberattacks. As these attacks evolve, the need for robust cybersecurity measures and international cooperation becomes increasingly critical.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.