ODNI’s 2024 Threat Assessment: China, Russia, North Korea pose major cyber threats amid global instability

In its 2024 Annual Threat Assessment, the Office of the Director of National Intelligence (ODNI) highlighted the growing fragility of the global order. The ODNI report states that China remains the most active and persistent cyber threat to the U.S. government, private sector, and critical infrastructure networks. At the same time, Russia will pose an enduring global cyber threat even as it prioritizes cyber operations for the Ukrainian war. The report also highlighted that North Korea will increasingly engage in illicit activities, including cyber theft, labor deployments, and the import and export of UN-proscribed commodities, to fund regime priorities such as the WMD program.

Over the next year, the U.S. is expected to confront rapidly evolving strategic competition among major powers, escalating and unpredictable transnational challenges, and numerous regional conflicts with extensive implications. The report also detailed that transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data.

Important U.S. services and critical infrastructure such as healthcare, schools, and manufacturing continue to experience ransomware attacks; however, weak cyber defenses, coupled with efforts to digitize economies, have also made low-income countries’ networks attractive targets, according to the ODNI report.

Furthermore, the emergence of inexpensive and anonymizing online infrastructure combined with the growing profitability of ransomware has led to the proliferation, decentralization, and specialization of cybercriminal activity. This interconnected system has improved the efficiency and sophistication of ransomware attacks while also lowering the technical bar for entry for new actors.

Transnational organized criminals sometimes cease operations temporarily in response to high-profile attention, law enforcement action, or disruption of infrastructure, although group members also find ways to rebrand, reconstitute, or renew their activities. Absent cooperative law enforcement from Russia or other countries that provide cybercriminals a haven or permissive environment, mitigation efforts will remain limited.

The ODNI report assesses that Beijing’s cyber espionage pursuits and its industry’s export of surveillance, information, and communications technologies increase the threats of aggressive cyber operations against the U.S. and the suppression of the free flow of information in cyberspace. PRC operations discovered by the U.S. private sector probably were intended to pre-position cyber attacks against infrastructure in Guam and to enable disrupting communications between the U.S. and Asia.

The ODNI report evaluates that if Beijing believed that a major conflict with the U.S. was imminent, it would consider aggressive cyber operations against U.S. critical infrastructure and military assets. Such a strike would be designed to deter U.S. military action by impeding U.S. decision-making, inducing societal panic, and interfering with the deployment of U.S. forces.

China leads the world in applying surveillance and censorship to monitor its population and repress dissent. Beijing conducts cyber intrusions targeted to affect U.S. and non-U.S. citizens beyond its borders, including journalists, dissidents, and individuals it views as threats, to counter views it considers critical of CCP narratives, policies, and actions.

ODNI said that Moscow views cyber disruptions as a foreign policy lever to shape other countries’ decisions and continuously refines and employs its espionage, influence, and attack capabilities against a variety of targets. Russia maintains its ability to target critical infrastructure, including underwater cables and industrial control systems (ICS), in the U.S. as well as in allied and partner countries.

The ODNI report also pointed out that Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of U.S. and allied and partner networks and data. Tehran’s opportunistic approach to cyberattacks puts U.S. infrastructure at risk of being targeted, particularly as its previous attacks against Israeli targets show that Iran is willing to target countries with stronger cyber capabilities than itself. Iran will continue to conduct malign influence operations in the Middle East and other regions, including trying to undermine U.S. political processes and amplify discord.

Ahead of the U.S. election in 2024, Iran may attempt to conduct influence operations aimed at U.S. interests, including targeting U.S. elections, having demonstrated a willingness and capability to do so in the past.

During the U.S. election cycle in 2020, Iranian cyber actors obtained or attempted to obtain U.S. voter information, sent threatening emails to voters, and disseminated disinformation about the election. The same Iranian actors have evolved their activities and developed a new set of techniques, combining cyber and influence capabilities, that Iran could deploy during the U.S. election cycle in 2024.

The ODNI report stated that North Korea’s cyber program will pose a sophisticated and agile espionage, cybercrime, and attack threat. Pyongyang’s cyber forces have matured and are fully capable of achieving a variety of strategic objectives against diverse targets, including a wider target set in the U.S. and South Korea.

North Korea will continue its ongoing cyber campaign, particularly cryptocurrency heists; seek a broad variety of approaches to launder and cash out stolen cryptocurrency; and maintain a program of IT workers serving abroad to earn additional funds.

Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) unveiled its 2024 planning agenda for the Joint Cyber Defense Collaborative (JCDC), specifically addressing the growing cyber threats originating from China against critical infrastructure installations. The agenda aims to bolster cybersecurity efforts and enhance collaborative efforts in countering these threats.
