From trade wars to cyber wars in modern era

Cyberattacks become new normal to achieve social, political, geostrategic and economic goals


Faran Mahmood January 20, 2025

ISLAMABAD:

In December 2024, the US Bureau of Industry and Security imposed a new set of export controls on Chinese companies, escalating tensions between the two countries to a new level. After Beijing retaliated with a ban on the export of rare earth metals, the matter apparently receded – but only to be fought in cyberspace.

A couple of weeks ago, the US Treasury department reported a hacking incident in which it accused a Chinese Advanced Persistent Threat (APT) actor of accessing the Treasury department's computers remotely. Instead of directly hacking the department's infrastructure, the APT actor compromised a third-party service provider, BeyondTrust, to obtain API keys for remote access to the Treasury department's assets. Under the Federal Information Security Modernisation Act (FISMA) of 2014, all US state departments must file a comprehensive report about attack vectors, the impact on operations and the incident response actions taken, if an APT actor is found to be involved in hacking.

Until the final report of the cyber inquiry is published in the public domain, it is hard to tell what the modus operandi of the APT group was. However, the US's cyber capabilities leave a lot to be desired. In September 2024, a severe cyber attack on US telcos including AT&T, Verizon, T-Mobile and Lumen Technologies was discovered that had been targeting high-profile targets, including presidential candidates, for months.

The attack was attributed to another Chinese APT actor, Salt Typhoon, which is known to conduct cyber espionage campaigns in the US and Europe.

Termed the "largest telecommunications hack in nation's history," it enabled hackers to steal telephone audio intercepts and a large database of call histories. By exploiting weaknesses in known VPNs, firewalls and Microsoft Exchange servers, the group infiltrated the telcos using custom-designed malware called GhostSpider.

The US Cyber Safety Review Board (CSRB) held its first meeting in December and, according to its estimates, the cyberattack and espionage by Salt Typhoon may have been going on since as far back as 2022. The attack piggy-backed off a system used by law enforcement agencies to carry out legal wiretaps.

This telco hack is far more advanced than recent cyberattacks by state-sponsored APT groups of Russia, North Korea and Iran.

For example, in December, the pro-Russian hacker group NoName057(16) affected the websites of many Italian airports using distributed denial of service (DDoS) attacks, but the attack was mitigated within two hours. No flights were affected, and it was business as usual, mostly.

The same Russian group also attacked UK council websites as well as Belgian government and airport sites in October 2024. A similar attack on Taiwan's government and commercial sites was also observed but, in all cases, no considerable damage or disruption was reported. All victims of the NoName057 APT group were pro-Ukraine and anti-Russia in the Russia-Ukraine war.

However, another APT group, the Cyber Army of Russia Reborn (CARR), targeted the Supervisory Control and Data Acquisition (Scada) systems of Indiana's Tipton west wastewater treatment plants recently. In October, the American Water Works Company in New Jersey was also attacked while in September, the water treatment facility in Arkansas City, Kansas was forced to switch to manual systems.

Though most of these Russian cyberattacks were not as impressive as those conducted by Salt Typhoon, they were good enough to get noticed by Romanian courts.

The Romanian constitutional court has ruled that the Romanian presidential election in November must be scrapped due to evidence of Russian interference, estimated at over 85,000 cyberattacks.

Access credentials for Romanian election sites were leaked onto Russian hacker forums days before the first round of the presidential election. In December, we saw Romanian President Iohannis declassifying intelligence files that showed how Russians boosted the campaign of a far-right candidate using social engineering, leaks and sophisticated hacks.

The court's ruling is highly controversial, but it does highlight the growing concerns about hacking democracies and managing public opinion in cyberspace.

The truth, however, remains that the lines of modern-day cyber warfare are very much blurred and nuanced as it now deploys a "full spectrum" of modern warfare to achieve social, political, geostrategic and economic goals. The combined effect of cyber engineering is no less than that of trade restrictions and sanctions – if not more.

The writer is a Cambridge graduate and is working as a strategy consultant
