Geopolitical Unrest Creates Breeding Ground for Cyberattacks


Although issues surrounding COVID-19 continue to dominate mainstream media, threat actors appear to be making use of other geopolitical events to launch attacks.

As detailed in NETSCOUT’s 2H 2021 Threat Report, the total number of distributed denial-of-service (DDoS) attacks decreased from 5.4 million in 1H 2021 to 4.4 million in the second half of the year, for a total of 9.8 million DDoS attacks across all of 2021. Correspondingly, most geographical regions saw fewer attacks during 2H 2021. A notable exception is the Asia Pacific (APAC) region, which accounted for more than 1.2 million attacks during that timeframe—a 7 percent increase from 2H 2021. This is all the more significant given that the past three Threat Intelligence reports had chronicled back-to-back declines for that region.

One likely reason is the geopolitical tensions between China, Hong Kong, and Taiwan—as well as hostility against countries that support democratic governments in the APAC region. To better understand the ways in which cyberattacks are used in relation to geopolitical events, consider the following attacks or incidents related to the APAC region during 2H 2021:

  • In mid-July, the People's Republic of China (PRC) was publicly condemned for a series of cyberattacks, including ransomware, cyberextortion, and cryptojacking, in an effort to steal trade secrets, business information, intellectual property, and vaccine research. The U.S. government, the European Union (EU), NATO, and the Five Eyes—an intelligence alliance made up of the U.S., U.K., Australia, Canada, and New Zealand—leveled the charges against four Chinese nationals believed to be part of APT40, a group linked to the PRC Ministry of State Security.
  • In November, the director for Taiwan's cybersecurity department said that the country’s government agencies are hit with 5 million cyberattacks and probes every day. Taiwanese officials claim China has increased cyberattacks targeting Taiwan’s government and businesses in direct proportion to China’s efforts to make democratic Taiwan part of its own territory.
  • In December, the Microsoft Digital Crimes Unit (DCU) announced that it had been given the authority to seize websites related to Nickel, a China-based hacking group that was attacking organizations in the U.S. and 28 other countries. A U.S. District Court approved shutting down the sites, blocking Nickel’s access to victims and preventing it from using websites to launch attacks. The move was made in response to evidence that the attacks were waged to gather intelligence from government agencies, think tanks, and human rights organizations.
  • Also in December, at least 13 organizations in sectors that include defense, healthcare, energy, and transportation were targeted by a suspected Chinese cybersecurity campaign that was investigated by the National Security Agency (NSA) and our partner organization, Palo Alto Networks’ Unit 42 division. The breach was made possible via vulnerable software used by more than 600 U.S. organizations, including universities, state and local governments, and healthcare organizations.

Note: At the time of this blog post, the Russian-Ukrainian conflict is still happening. Prior to and during this time, the NETSCOUT ATLAS Security Engineering and Response Team (ASERT) has been monitoring DDoS attacks targeting both Russian and Ukrainian assets.

As these examples illustrate, DDoS attacks are often a form of geopolitical protest, waged to disrupt the governments and vital organizations of countries around the world.

Learn more about the regional attack trends in the 2H 2021 Threat Report.