How 'Big 4' Nations' Cyber Capabilities Threaten the West

Russia, China, Iran, and North Korea pose significant cyber threats to Western nations.

Jack Alexander, Senior Threat Intelligence Consultant, Quorum Cyber

February 9, 2024


COMMENTARY

There are four nations deemed by the US and UK governments to pose the greatest threat to the West. They're called the "Big Four": Russia, China, Iran, and North Korea.

Each nation has its own overarching threat behaviors and agenda to meet its ruling government's ambitions on the world stage. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on influence operations, and North Korea's on financial gain.

Events of the 20th century, developments since the dawn of the millennium, and the intense geopolitics since the start of 2022 have contributed to recent actions taken by the Big Four. Industry analysts see plenty of evidence to link cybersecurity offenses around the globe to nation-state-sponsored groups associated with these four countries.

Russia

A multitude of geopolitical factors have influenced Russia's actions in recent years, including NATO's expansion east across Europe to Russia's borders and NATO's support for Ukraine. 

Russia is forming greater economic and military partnerships with China, Iran, and North Korea to boost its economy and resupply its military hardware. After Europe closed its door to Russian oil, the country had to sell its natural resources to developing Asian markets. As a result, India imported 40% of discounted oil from Russia in 2023, up from just 3% two years earlier. Strong economic dependencies often produce an uptick in cyber-espionage operations due to the need for foreign policy information surrounding these deals.

As Russia is engaged in open warfare, the state has conducted a growing number of overt attacks. Reports indicate that 16 different "families" of wiper malware have been used against Ukraine over the past 12 months, up from just one instance in the previous two years. ESET senior researcher Anton Cherepanov stated, "this is the most intense use of wipers in all computer history."

Notably, the United States, Germany, and the United Kingdom are the world's top donors of Ukrainian military aid and are also the most targeted nations outside of Ukraine.

China

In 2023, China emerged as the world's second great power, with extensive ambitions to further its influence by way of global infrastructure investment through the Belt and Road Initiative and political domination of East Asia. China is assessed to be the most advanced threat nation in terms of both cyberattacks and cyber-espionage capabilities. Its strategic interests reside in:

  • Preserving the existence and legitimacy of the Chinese Communist Party (CCP) by reunification with Taiwan.

  • Protecting China's national interests, including expansion of its territorial claims in the South China Sea.

  • Asserting China's power globally.

These strategic interests are realized in several key areas. First, in 2015, China announced its Made in China 2025 plan, which aims to advance China's manufacturing base by rapidly developing 10 high-tech industries. If China can create advanced semiconductors, the Taiwanese monopoly on semiconductor manufacturing will be severely undermined and thus one of the main deterrents for a possible Chinese invasion will be removed.

China also aims to emerge on the world stage as a hard counter to Western (and particularly US) dominance. As former US Cybersecurity and Infrastructure Security Agency (CISA) director Gen. Keith Alexander said, China is undertaking "the greatest transfer of intellectual wealth in history."

Iran

Iran's modern political landscape began in 1979 with the toppling of the monarchy and the accession of the religious-based Islamic Republic. Since then, Iran has cemented itself as a strong state with great influence in the Middle East. 

Iran's cyber characteristics fall into two categories: offensive operations and actions to exert influence to bolster the government. Since June 2022, multiple Iranian threat groups have deployed cyber-enabled influence operations (IO). These operations combine offensive operations with messaging in a coordinated and manipulative fashion to further Iran's geopolitical objectives by shifting perceptions, behaviors, and decisions towards the regime.

In addition, tensions with Israel have been significantly high, leading Iran to provide economic and covert military support to Hezbollah in Lebanon and Hamas in the Palestinian areas.

In 2022, Iran's cyber capabilities were considered the most basic of the Big Four. However, in 2023, Iranian state actors used increasingly sophisticated tradecraft, rolling out a larger number of custom implants and becoming much faster at putting the latest exploits to use. These developments demonstrate a clear jump in Iranian cyber capabilities.

North Korea

A state of war has technically existed between North Korea and South Korea since 1950: The countries never signed a peace deal in the Korean War, only a ceasefire agreement. The North Korean leadership sees the state's and the Kim regime's survival as under direct threat from the United States and its allies. To shield itself from the perceived threat of imminent invasion, the Kim government has built a deterrent by aiming thousands of artillery pieces at South Korea's capital, Seoul, and by developing nuclear weapons and intercontinental ballistic missiles.

This aggressive tactic has led to strict economic sanctions, inhibiting the outside world from trading with North Korea. In response, the state has conducted numerous financially motivated attacks and crypto heists to steal money to prop up the government and fund weapons. It also runs intellectual property theft operations. The United States is by far the most targeted nation, accounting for over 40% of targeting over the past 12 months. Second and third are South Korea and Japan respectively.

What Lies Ahead?

In the next 12 months, around two-thirds of eligible citizens in democratic nations will have the opportunity to vote in presidential or national elections. As a result, cyber-influence campaigns targeting elections by all Big Four nations are expected to increase throughout 2024.

About the Author

Jack Alexander is Senior Threat Intelligence Consultant at Quorum Cyber. He has eight years' experience in the British Royal Navy where he held roles including Electronic Warfare Director of both HMS Lancaster and HMS Kent, Senior Strategic Middle East Intelligence Analyst and Lead Cyber Threat Intelligence Analyst for the Cyber Protection Team. Jack has a BA (Hons) degree in Intelligence and International Relations.
