Cyber threats surge as nation-states team up with cybercrime groups

The recently released 2024 Threat Hunter Perspective report by OpenText has identified a growing collaboration between nation-states and cybercriminal organisations. This development is particularly targeting global supply chains and advancing geopolitical motives, resulting in an increase in both the complexity and scale of cyberattacks.

The report highlights that several nation-states, notably Russia and China, are engaging with cybercrime groups such as Killnet and Storm0558. These partnerships are geared towards exploiting vulnerabilities in global supply chains and targeting geopolitical objectives. Such alliances are allowing threat actors to execute more organised and advanced cyberattacks.

Steve Stavridis, the Regional Vice President of APAC SMB Sales at OpenText Cybersecurity, commented on the report, stating, "The 2024 OpenText Threat Hunter Perspectives report highlights the growing sophistication of cyber threats, with APAC businesses increasingly in the crosshairs. As AI-driven attacks and collaborations between nation-states and cybercriminals rise, the report underscores a clear message for APAC: proactive defence is no longer optional - it's critical."

He emphasised the necessity for organisations in the Asia-Pacific region to employ advanced technologies and integrate with global threat intelligence to safeguard their digital economies.

The report also underscores the timing of attacks, noting that adversaries often align cyber activities with significant events such as national elections and military aid distributions. These events could serve as potential catalysts for further global instability through cyberspace.

Muhi Majzoub, Executive Vice President and Chief Product Officer at OpenText, remarked, "Our threat intelligence and experienced threat hunting team have found that nation-states are not slowing down and, as notable events like the U.S. presidential election get closer, every organisation in the global supply chain needs to be on high alert for advanced and multiple cyberattacks."

Majzoub stressed the importance for enterprises to enhance their adversarial signals, threat intelligence, and defensive capabilities in response to these rising threats.

The report details specific nation-state collaborations, noting that Russia has been working with malware-as-a-service gangs like Killnet, Lokibot, Ponyloader, and Amadey. Meanwhile, China has partnered with cybercrime rings including Storm0558 and Volt Typhoon, often in pursuit of its geopolitical interests in the South China Sea.

This strategic collaboration is marked not only by shared targets but also by a marked increase in attack sophistication. The report points out the significance of events like the upcoming U.S. presidential election as potential focal points for cyberattacks, alongside the ongoing military aid efforts to Ukraine.

Another critical aspect identified in the report is the exploitation of weak security infrastructures among nations with less robust cyber defences. Countries such as the Democratic Republic of Congo, Argentina, and Nigeria, among others, have been noted as having compromised systems, making them potential launch points for large-scale attacks.

These findings reflect an urgent need for global businesses, especially those within critical supply chains, to reconsider their defensive postures, focusing not only on incident response but also on anticipation and prevention strategies. The OpenText report suggests that adapting global best practices alongside local expertise could lead to more resilient cybersecurity frameworks capable of confronting these emerging threats.