Russia, Iran and North Korea Bolder in Cyber Realm
The intelligence community delivers the annual threat assessment to Congress.
Russia, Iran and North Korea are testing more aggressive cyber attacks against the United States and partner nations, according to the annual Worldwide Threat Assessment of the U.S. Intelligence Community delivered to Congress today by Dan Coats, director of national intelligence.
“The use of cyber attacks as a foreign policy tool outside of military conflict has been mostly limited to sporadic lower-level attacks. Russia, Iran and North Korea, however, are testing more aggressive cyber attacks that pose growing threats to the United States and U.S. partners,” the report states.
The intelligence community also reports that adversary nations are “using cyber operations as a low-cost tool of statecraft, and we assess that they will work to use cyber operations to achieve strategic objectives unless they face clear repercussions for their cyber operations.”
The report suggests that:
The Russian government is likely to build on the wide range of operations it is already conducting, including disruption of Ukrainian energy-distribution networks, hack-and-leak influence operations, distributed denial-of-service attacks and false flag operations. In the next year, Russian intelligence and security services will continue to probe U.S. and allied critical infrastructures as well as target the United States, NATO and allies for insights into U.S. policy.
The intelligence community and private-sector security experts continue to identify ongoing cyber activity from China, although at volumes significantly lower than before the bilateral U.S.-China cyber commitments of September 2015. Most detected Chinese cyber operations against U.S. private industry are focused on cleared defense contractors or information technology and communications firms whose products and services support government and private-sector networks worldwide. Since 2015, China has been advancing its cyber attack capabilities by integrating its military cyber attack and espionage resources in the Strategic Support Force, which it established that year.
Tehran probably views cyber attacks as a versatile tool to respond to perceived provocations, despite Iran’s recent restraint from conducting cyber attacks on the United States or Western allies. Iran’s cyber attacks against Saudi Arabia in late 2016 and early last year involved data deletion on dozens of networks across government and the private sector.
Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial-of-service attacks, data deletion and deployment of ransomware. North Korean actors developed and launched the WannaCry ransomware last May, judging from technical links to previously identified North Korean cyber tools, tradecraft and operational infrastructure. The same actors conducted the cyber theft of $81 million from the Bank of Bangladesh in 2016.
Terrorist groups will continue to use the Internet to organize, recruit, spread propaganda, raise funds, collect intelligence, inspire action by followers and coordinate operations. Given their current capabilities, cyber operations by terrorist groups most likely would result in personally identifiable information disclosures, website defacements and denial-of-service attacks against poorly protected networks. Transnational criminals will continue to conduct for-profit cyber-enabled crimes, such as theft and extortion against U.S. networks.
In just 10 years—from 2007 through last year—the number of nations capable of launching cyber attacks has risen from just a few to more than 30.