It’s easy to forget, but nearly two decades have passed since the first documented state-attributed cyberattack. In 2007, Estonia’s infrastructure was crippled, likely by Russia, following a diplomatic dispute. Three years later, malware targeting Iranian centrifuges was discovered and named Stuxnet. While the field of cyber warfare still feels like a new frontier, the children born in the year Estonia was attacked will be enlisting next year—some of them to develop new cyber tools.
When the first instances of cyber warfare surfaced, one of the biggest concerns was the lack of rules or restraints. Apocalyptic predictions warned of poisoned water supplies, rigged elections, remote power plant explosions, derailed trains, missile launches, and more. Fortunately, little of that has come to pass.
There are many reasons why cyber warfare hasn’t wreaked global havoc yet. Some of the initial fears were unfounded—many critical systems aren’t actually connected to the internet, and targeted attacks like the one on Iranian centrifuges are far from easy.
Smartphone hacking, for example, has become a peculiar case. Scandals surrounding private hacking companies like NSO, along with consumer outrage over privacy violations by internet giants, have pushed the two most popular mobile operating systems to become fortresses of cybersecurity. Though some companies continue to hack smartphones, it's become much harder in recent years. However, a 2024 review of global cyberattacks still gives reason for concern. While you can read about the state of cyber warfare in Israel [here], this article will focus on other major global fronts.
Russia-Ukraine
The most active cyberwar front today is undoubtedly the ongoing battle between Russia and Ukraine, part of the broader conflict since Russia's February 2022 invasion. Both nations have continuously traded cyber blows. This year, some of the most significant disclosed attacks were actually Ukrainian. Early in the year, Ukrainian hackers claimed to have erased 2 petabytes (over 2 million gigabytes) of data and disabled the supercomputer at Planeta, a Russian meteorological research institute that aids military satellite image analysis. The Ukrainians estimated the damage at $10 million.
However, Ukraine’s most impactful attacks on Russia occurred this summer, when they targeted Russian banks. For several days, customers at some of Russia’s largest banks couldn’t withdraw cash or access online banking services. Ukrainian hackers also briefly shut down operations at key Russian airports.
While these attacks might seem minor and don’t affect critical national infrastructure like energy systems, they serve to remind Russian citizens—many of whom rely on state propaganda for news—that their country is at war, and they, too, are in the crosshairs.
China
Western intelligence reports indicate China remains highly active in cyber warfare, but for Beijing, this is a cold war of espionage against the world. Chinese military units and semi-governmental organizations constantly hack foreign entities to steal information and test the vulnerabilities of critical infrastructure in other nations.
Due to the sheer volume of these operations, only two examples will be highlighted. First, in July, a rare joint statement was issued by numerous security agencies from the U.S., Australia, the U.K., Canada, New Zealand, Germany, South Korea, and Japan. It exposed the tactics of a group known as APT40 (Advanced Persistent Threat), which operates with state backing. The report detailed methods and warning signs for organizations to defend against APT40, even recounting two anonymous breaches.
The second example, from just days ago, comes from a Wall Street Journal report. It claims that a Chinese group didn’t just hack American telecom companies like AT&T and Verizon—they also infiltrated a system used by U.S. security agencies to wiretap calls (with court orders). If true, this breach targeted one of the most secure communications networks in the country. With China, much remains in the shadows. The country has little incentive to showcase offensive capabilities now, but given its recent technological advances, it’s not hard to imagine its cyber arsenal rivaling that of Western nations.
Iran
In recent months, Iran seems to be positioning itself as the primary meddler in U.S. elections, surpassing even Russia. While Russia occasionally tries, it was reportedly Iranian hackers who accessed materials from Donald Trump’s campaign. They attempted to leak this information to U.S. media outlets, but so far, there hasn’t been much interest in what they obtained—mostly internal communications and background research on J.D. Vance before Trump chose him as a running mate.
Blurred lines between state and private sector
What’s equally alarming is the blurred line between state-sanctioned actions and what individual hackers can achieve. We saw this dynamic in the early days of the internet, but security systems eventually improved enough to make significant breaches require the kind of resources only nation-states could provide.
However, the rise of cloud services and the advent of artificial intelligence, combined with the explosion in the number of software platforms used by modern organizations, have brought us back to an era where individual hackers can cause enormous damage.
One recent example is Judische, a hacker believed to be Canadian, who exploited leaked password lists to infiltrate accounts on the Snowflake platform. Snowflake hosts cloud data for major companies, and Judische used the information he stole—including personal details of AT&T customers—to extort millions of dollars. He’s far from the only one. Last month, a young hacker was arrested for breaking into London’s public transportation system; a hacker known as Menelik stole data from 49 million Dell customers; and a Russian hacker group extorted $22 million from the U.S. health services provider Change after stealing private customer information.
The economic damage from these attacks is staggering. According to the World Economic Forum (WEF), the global cost of cyberattacks in 2023 was $11.5 trillion. In 2024, it's expected to exceed $14 trillion, and the year isn't even over.
So, are we nearing a point where we can’t distinguish between a state-sponsored cyberattack and one launched by an individual? In some areas, that line blurred years ago. For now, though, there still seems to be a threshold for the kind of large-scale attacks that require state-level resources. And perhaps that’s for the best.