Cyber-assaults backed by governments: A fresh battleground
A new wave of nation-state adversaries is emerging and poses a significant threat to organisations in Europe. These adversaries combine cyber-attacks, online infiltration, influence operations, and economic statecraft to destabilise European targets or extract strategic advantage from them.
Adversaries and Their Tactics
Sea Turtle (Turkey)
Known for cyber intrusions targeting critical infrastructure and government networks, Sea Turtle often exploits vulnerabilities in DNS systems to redirect traffic and conduct espionage or disruption. The group operates as an advanced persistent threat (APT), maintaining long-term, undetected access.
Ocean Lotus (Vietnam)
Ocean Lotus conducts cyber espionage focusing on Southeast Asia but with growing reach into Europe. They target organisations for intelligence gathering using malware, spear-phishing, and stealthy infiltration techniques to exfiltrate sensitive data.
Other Emerging Groups
Various nation-state-backed actors from countries such as Russia, China, and Iran have evolved their tactics, using AI-enhanced malware, disinformation campaigns, and exploitation of supply chains to exert influence and infiltrate European networks.
Aims of These Adversaries
The aims of these adversaries include intelligence gathering, disruption and destabilisation, economic and technological control, and influence operations. They seek to gain strategic, political, or economic insights by infiltrating government, defence, energy, and critical infrastructure entities. They also aim to undermine EU cohesion and security through cyberattacks on vital systems, protect or advance national interests by stealing intellectual property or disrupting competitors, and exploit divisions within Europe politically and socially by spreading misinformation.
Securing a Business Against These Threats
To secure a business against these threats, it is crucial to strengthen its cybersecurity posture, conduct regular security audits and penetration testing, ensure supply chain security, cultivate employee awareness, align with evolving regulatory requirements, and collaborate with government bodies, law enforcement, and industry groups on threat intelligence sharing and coordinated response.
European internal security strategies like the EU's ProtectEU 2025 emphasise adapting to the integration of AI in serious crime and enhancing defence readiness to deter such adversaries, reinforcing that defensive efforts must evolve alongside the sophistication of these nation-state threats.
In summary, defending against this new frontier of nation-state adversaries requires a comprehensive approach combining technical cybersecurity measures, regulatory compliance, and international cooperation.
Experts recommend measures such as proper patching, multi-factor authentication, protecting sensitive data, implementing endpoint protection, disaster recovery, and having effective internal policies in place to manage the risk of a cyber incident.
Microsoft and OpenAI have warned that state-backed threat actors are already using generative AI to launch cyber attacks. North Korea's Lazarus group is a state-sponsored attacker responsible for breaching Sony in 2014 and for the WannaCry virus in 2017. Trend Micro has tracked Earth Krahang since 2022 and states that the group builds VPN servers on infected public servers as a jumping-off point for brute force attacks.
- To counter the increasing threats from nation-state adversaries like Sea Turtle and Ocean Lotus, organisations in Europe should implement endpoint protection and focus on bolstering their cybersecurity infrastructure.
- As state-backed threat actors like North Korea's Lazarus group are leveraging AI-enhanced malware and generative AI for cyber attacks, it's crucial for businesses to prioritise multi-factor authentication, data protection, and regular patching.
- In line with the EU's ProtectEU 2025 strategy, European businesses should collaborate with governments, law enforcement, and industry groups to share threat intelligence and coordinate responses, while also aligning with regulatory requirements to defend against sophisticated nation-state adversaries.