China, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.
Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal gangs that maintain mutually beneficial relationships with nation-states pose a threat to the US, the report notes.
"Foreign states use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure," according to the unclassified document. "Although an increasing number of countries and non-state actors have these capabilities, we remain most concerned about Russia, China, Iran, and North Korea."
The Office of the Director of National Intelligence released the "Annual Threat Assessment of the US Intelligence Community" report Tuesday ahead of several congressional hearings scheduled this week that will examine a range of threats to the US. The first of these hearings is scheduled for this week before the US Senate Select Committee on Intelligence, and the leaders of the FBI, CIA, and the National Security Agency are slated to testify.
The report follows a pair of assessments released in March by ODNI and the Department of Homeland Security that confirmed Russia and Iran attempted to interfere in the 2020 presidential election through disinformation campaigns. But the agencies also found no attempt by foreign hackers to directly manipulate vote tabulations or results.
Previous reports over the last several years have also pointed to China, Russia, North Korea and Iran as posing the most significant cyber threats to US citizens and the federal government. "Beijing, Moscow, Tehran, and Pyongyang have demonstrated the capability and intent to advance their interests at the expense of the United States and its allies, despite the pandemic," ODNI says in its new report.
The report also notes that as these four nations attempt more aggressive cyber campaigns, other nation-states could be emboldened to attempt similar operations.
China: The nation's cyber capabilities, as well as its investment in newer technologies, continue to grow. As a result, China is capable of launching "localized, temporary disruptions to critical infrastructure" in the US. China also conducts cyber intrusions that affect US citizens beyond the country's borders, including hacking journalists and stealing personal information.
Russia: This country continues to target critical infrastructure, including undersea cables and industrial control systems. "Russia almost certainly considers cyberattacks an acceptable option to deter adversaries, control escalation and prosecute conflicts," ODNI says in the report, which notes the nation was likely responsible for the SolarWinds supply chain attack.
North Korea: While its cyber capabilities are not as expansive as Russia's or China's, North Korea can disrupt US critical infrastructure as well as software supply chains. The country is focused on targeting financial institutions and cryptocurrency exchanges both in the US and elsewhere.
Iran: This nation has ramped up its cyber operations and can now target US infrastructure. Iran is spreading disinformation and conducting more sophisticated cyber espionage campaigns, ODNI says.
The report also builds on the assessments released earlier this year that several of these countries are seeking to undermine faith in US democratic institutions and elections through the use of disinformation as well as by attacking journalists and religious minorities.
"Democracies will continue to debate how to protect privacy and civil liberties as they confront domestic security threats and contend with the perception that free speech may be constrained by major technology companies," the report states. "Authoritarian and illiberal regimes, meanwhile, probably will point to democracies’ embrace of these tools to justify their own repressive programs at home and malign influence abroad."
Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or email@example.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings