New Wave of State-Sponsored Cyber Threats Emerges


By Manish Gohil

The kind of cyber operations more commonly associated with authoritarian states such as Iran and Russia are now being employed by dozens of illiberal governments in Africa, Asia and the Middle East. Spyware advances and digital tools of repression, along with developments in artificial intelligence, are boosting these states’ offensive cyber capabilities, posing a threat to political opponents and creating new threats and risks for Western businesses.

The cyber technologies employed by authoritarian regimes to undermine adversaries are also being bought by a swathe of countries with repressive tendencies, including Algeria, Bangladesh, Egypt, Ethiopia, and Pakistan. There is already evidence of these governments utilising malicious cyber tactics to tighten their grip on power and to detect and quash suspected threats from political rivals. Forecasts by my company, Dragonfly, suggest that this trend is very likely to escalate over the coming years. 

Russia, North Korea, Iran, and increasingly China, have all exploited weaknesses in cyber defences to try to both undermine Western democracies – largely by interfering in elections – and in some instances raise funds. They do so through commercial espionage and theft. Western governments and businesses have deployed substantial cyber resources to guard against these specific threats and understand how they work.  

Less, however, is known about the new wave of state-sponsored cyber menace. That is not least because, unlike the first wave, the new actors do not presently pose a geopolitical danger. They have so far largely confined themselves to leveraging digital technology to undermine and harass opponents and dissidents. However, Western organisations and their personnel in these countries may soon find themselves in the cross-hairs – since commercial and sensitive information is the new gold.

Companies based in or linked to Israel have facilitated the growth in cyber espionage. Israel is the leading exporter of spyware and similar digital tools. Illiberal administrations are acquiring these surveillance capabilities to monitor their citizens, with journalists, activists, and dissidents most vulnerable. Around 40 per cent of the 40 countries that Dragonfly identified as being at high risk of digital repression have very repressive governments. El Salvador, Nicaragua and Tunisia are examples of countries where digital repression has been particularly acute in recent years, according to the V-Dem Institute, which assesses the state of democracy globally.

It is in the emerging markets of Asia, the Middle East, and North Africa where the authorities are especially likely to employ digital technologies. They do so to fend off political challenges and spy on businesses to gain commercially-sensitive information. The implications for Western business are thus becoming all the more pressing. Many of these same states are on their way to becoming thriving commercial hubs, with multinationals based there unaware of their potential exposure to espionage. 

Technology transfers are behind this trend. Israel has clearly been driving this, but others are also involved. The US intelligence community has noted that Beijing shares its equipment and know-how with allies and sells them on the open market. Data compiled by the US-based Brookings Institution shows Chinese surveillance and public security technology platforms, using facial recognition surveillance technology, have been adopted in at least 80 countries since 2008. Developments in AI and related technologies will also very probably enhance governments’ abilities to monitor their civilian populations, censor information, and spread disinformation. In a sign of how this is likely to affect multinationals, pro-Russia actors have targeted select Western brands in online disinformation campaigns in the past year. 

Next year will most probably see this wave of state-sponsored cyber operations intensify. A staggering 41% of the world’s population across at least 50 countries – including India, Indonesia, Mexico, Taiwan and the US – will take part in national elections. This will almost certainly be accompanied by a surge in cyber threats against individuals and businesses. Foreign digital interference by China and Russia in Taiwan and the US respectively is a given, but incumbent illiberal governments with newly-acquired cyber capabilities, such as Bangladesh, are also very likely to use them to try to secure re-election. Bangladeshi voters will be heading to general elections on 7 January 2024.  

Yet repressive administrations are not the only ones purchasing the spyware. A European Parliament report in 2022 asserted that the Israeli NSO Group sold products to at least 14 EU member states, which were used illegitimately in at least four: Greece, Hungary, Poland and Spain. According to The New York Times earlier this year, the device of a US-Greek national, who formerly worked for Meta, was allegedly hacked and infected with spyware by the Greek national intelligence agency.

For now, at least, it’s emerging authoritarian states that pose the bigger cyber threat to civil society and business. To date, they have mostly targeted political figures, dissidents and those viewed as potential threats, but there are growing signs of state-sponsored espionage targeting Western corporations. Boards with operations in these jurisdictions should, first and foremost, boost their cyber defences. And, at the same time, they must be proactive. They need to anticipate attacks by better understanding the cyber capabilities of local authorities, and why and how these might be mobilised against them. 

This article was originally published on 24 December 2023.

About the Author

Manish Gohil is a Senior Associate covering cyber risks at Dragonfly, a geopolitical and security risk consultancy firm based in London. He is a Certified Security Management Professional.

