In this article, we hope to break down some of the numbers and gain insight into the nature of these attacks, where they originate from, and who they’re targeting.

There have been almost 500 documented geopolitical cyber attacks around the world since 2009, making cyberwarfare a major technological threat to nations and their citizens.

Geopolitical cyber attacks 2009 - 2019

Between 2009 and 2018 there was a 440% increase in global documented attacks. The biggest increase in the number of attacks occurred in the last four years, with 2019 on course to be the biggest year ever for geopolitical cyber attacks.

[Figure: Global cyberwarfare attacks]

The data combines state attacks on other states, individual and group attacks on states, and state attacks on internal individuals and groups.

Biggest sources of cyberwarfare attacks 2009-2019

By far the biggest actors on this scene are China and Russia, with almost 35% of global attacks originating in either China or Russia. There have been 79 confirmed attacks on national governments that have originated in China, and 75 in Russia. Next are North Korea and Iran, sharing 16% of global attacks, followed by the USA, where 3% of global attacks originated. It’s extremely important to remember here that, due to the very nature of cyberwarfare and cyberespionage, many attacks go under the radar, so we don’t tend to hear about them.

[Figure: Sources of cyberwarfare attacks excluding unknown]

An interesting case is the apparent use of the EternalBlue vulnerability that the NSA developed tools to exploit. These tools were detected by China and subsequently used during the massive ransomware attack on Baltimore in 2019. Of course, questions have to be asked of the NSA, but Microsoft patched this vulnerability in 2017, and Baltimore officials simply ignored it and failed to update their computers. It wasn’t until the NSA discovered that their tool had been used to develop ransomware that they alerted Microsoft to the critical vulnerability, so without that we would never have known about their attacks on China.

Attacks originating in China 2009 – 2019

Between 2009 and 2019 there have been 79 documented cyber attacks carried out by Chinese state-sponsored attackers, targeting 20 countries.

[Figure: Evolution of attacks attributed to China]

[Figure: Targets of Chinese attacks]

32% of China’s attacks were directed at the USA, making the USA by far the biggest target for Chinese hackers. Hong Kong is also a frequent target of Chinese hackers, including (allegedly) the Telegram DDoS hack during the 2019 Hong Kong anti-government protests. Chinese hacking efforts increased significantly in 2018, and continue to do so in 2019.

Attacks originating in Russia 2009 – 2019

Russian attackers targeted 19 countries in 75 incidents between 2009 and 2019. The main target of Russia was the USA, but they also attacked 8 European Union countries, including a series of attacks on the German parliament. Ukraine was also targeted frequently by Russia, suffering at least 9 attacks between 2017 and 2019, and several more attacks thought to be of Russian origin, such as the December 2015 attack on the country’s power grid, which shut down electricity supplies to residents of Kiev.

[Figure: Evolution of attacks attributed to Russia]

Russia quickly became highly active after 2014, with 47% of Russian attacks over the past decade being carried out in 2018.

[Figure: Targets of Russian attacks]

Attacks originating in North Korea 2009 – 2019

North Korea carried out 32 attacks against 9 countries between 2009 and 2019, with more than half occurring in 2017 and 2018. 12 North Korean attacks were against South Korea, including the December 2018 hack of the Hana refugee center, in which the personal data of over 1000 North Korean defectors was accessed. North Korean attacks have also aimed to circumvent UN sanctions in order to raise money for the country’s nuclear program.

[Figure: Evolution of attacks attributed to North Korea]

[Figure: Targets of North Korean attacks]

Attacks originating in Iran 2009 – 2019

Iran targeted 7 countries in 31 attacks, with 42% aimed at the USA. Iran targeted Israel a number of times, including the March 2019 hack of former IDF chief and opposition leader Benny Gantz’s cellphone ahead of the parliamentary elections. Other incidents originating in Iran include the June 2017 attack on British members of parliament, in which official email accounts were hacked, and the June 2019 hack of telecommunications services in Iraq, Pakistan, and Tajikistan.

[Figure: Evolution of attacks attributed to Iran]

[Figure: Targets of Iranian attacks]

Attacks originating in the USA 2009 – 2019

The USA has been the source of at least 12 global cyber attacks over the past ten years, with half of those occurring in 2019. Three of the known attacks originating from the USA targeted North Korea, with China and Iran being attacked twice each. Chinese technology giant Huawei has been at the centre of controversy since early 2019, when the US government accused the firm of conducting espionage against American companies on behalf of the Chinese government. Huawei later accused the United States of attempting to infiltrate its networks and harassing its employees. We also know of controversial ongoing cyber attacks on the Russian power grid, in what’s said to be a deterrent to Russia. Critics of the methods used say it risks making public utilities a legitimate target, and that the tactic could escalate quickly to a cold-war scenario. Whilst the number of known attacks carried out by the USA is low, it is likely that there are many ongoing situations yet to be discovered.

[Figure: Evolution of attacks attributed to the USA]

[Figure: Targets of USA attacks]

Most frequent targets of cyberwarfare attacks 2009-2019

[Figure: Targets of cyberwarfare attacks excluding unknown]

The USA has been attacked a far greater number of times than any other nation, with 115 documented attacks originating in at least 7 countries. Germany and South Korea each suffered at least 16 separate incidents, with attacks on Germany mainly originating in Russia and China, and those targeting South Korea originating in China and North Korea. India was attacked mainly by Pakistan and China, while Ukraine was solely targeted by Russia. The United Kingdom was attacked by Iran, China, Russia, and North Korea.

Attacks targeting the USA 2009 – 2019

Attacks against the USA have grown steadily over the past decade, with a sharp increase in 2017, which was almost doubled in 2018. More than 50% of attacks targeting the USA originated in China or Russia, with a further 27.8% of unknown origin. In July 2019 Microsoft reported that they had issued almost 800 notifications to political campaigns, NGOs, and think tanks of cyber attacks originating in Russia, China, Iran, and North Korea.

[Figure: Evolution of attacks targeting the USA]

[Figure: Attackers targeting the USA]

Attacks targeting Germany 2009 – 2019

Germany was attacked 16 times between 2009 and 2019, with 37.4% being attributed to Russia. Russian hackers stole 16GB of data from the German parliament during a series of attacks against the country, in 2018. The attacks were first discovered by British and Dutch intelligence agencies. Russia denies the accusations. German politicians were also targeted in 2019, when sensitive data of hundreds of public figures was published via Twitter in one of the biggest attacks against the country.

[Figure: Evolution of attacks targeting Germany]

[Figure: Attackers targeting Germany]

Attacks targeting South Korea 2009 – 2019

75% of attacks against South Korea were of North Korean origin, with at least 12 attacks coming from the rogue state. A further three attacks came from China, and one was of unknown origin. In 2011, Chinese hackers accessed personal data of 35 million South Koreans. The hack followed a series of Chinese attacks on South Korean financial institutes. Attacks against South Korea have been occurring steadily over the past decade, with a slight increase in frequency after 2016.

[Figure: Evolution of attacks targeting South Korea]

[Figure: Attackers targeting South Korea]

Attacks targeting the UK 2009 – 2019

Attacks against the UK originated in China, Russia, Iran, and North Korea, along with one third of attacks being untraceable or of unknown origin. In 2018, the so-called WannaCry attack targeted the UK’s National Health Service, crippling networks and costing the NHS £20m to clean up and requiring a further £72m in upgrades to the network. This attack used the same vulnerability discovered but not disclosed by the NSA.

“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3” — Edward Snowden (@Snowden) May 12, 2017

[Figure: Evolution of attacks targeting the UK]

Iran has been seriously stepping up their cyberwarfare game in the past couple of years. The December 2018 attacks on the UK targeted government institutions and private companies, and resulted in the loss of thousands of employees’ personal details.

[Figure: Attackers targeting the UK]

Attacks targeting India 2009 – 2019

Out of a total of 14 major cyberwarfare attacks on India in the past decade, five were of unknown or undisclosed origin, while four each came from China and Pakistan, and one from North Korea. One of the biggest data breaches in history occurred in 2018 when the Unique Identification Authority, India’s biometric ID system, was hacked and the personal data of over 1 billion people sold online.

[Figure: Evolution of attacks targeting India]

[Figure: Attackers targeting India]

Most frequent attacks

Some countries come up time and again as the source of cyberwarfare incidents, and some certainly seem to have their favourite target. Between 2009 and 2019, Russia, China, and Iran attacked the USA a total of at least 72 times, accounting for around 15% of global attacks. South Korea was attacked by North Korea on at least 12 occasions, and Ukraine by Russia at least 9 times.

Attacks on home-soil

It’s not just states attacking other states that we see, but also a rapid rise in internal attacks, either carried out by the state on the people, such as in Egypt, or against the state by the country’s nationals.

USA

A hacker group with members from the USA was charged with the 2016 Securities and Exchange Commission breach, in which the group gained access to a filing system and used the information to make $4.1M in illegal trades.

Mexico

Colleagues and friends of murdered journalist Javier Valdez were targeted by a Mexican government agency using the spy tool Pegasus. Starting in 2016, many of Mexico’s most prominent journalists were targeted, especially those that held the nation’s leaders accountable to the people.

United Arab Emirates

From 2016, a team of former US government intelligence operatives working for the UAE hacked into the iPhones of activists, diplomats, and rival politicians. The attack wasn’t aimed solely at those in the country. Attackers used Karma – a tool developed by the US intelligence service.

Egypt

Human rights activists and journalists were targeted in a spear-phishing campaign carried out by the Egyptian government. The attack used social engineering to trick targets into allowing a third-party app to access their account using the user’s Gmail OAuth token. Once authorised, the attackers retain access even if the target changes their password.

Iran

Cybersecurity research organisation Check Point discovered that Iranian government agencies had targeted Kurdish and Turkish natives in Iran, along with suspected ISIS supporters, with spyware in order to collect sensitive information including phone call records, SMS, browser history, geo-location history, photos, videos, and more.

Turkey

Protesters in Turkey were targeted in 2018 by the government, using spyware developed by FinFisher. The spyware was aimed at activists, journalists, and members of the public involved in the March for Justice movement.

Vietnam

Attackers allegedly working for the Vietnamese government hacked computers of journalists, bloggers, and international workers in the country as part of a cyberespionage program denied by the government.

Philippines

Personal information of more than 50 million Filipinos was exposed after the country’s electoral records database was hacked. The data, which included highly personal information such as fingerprints, was stolen by the Anonymous Philippines group.

Czech Republic

Right wing groups in the Czech Republic hacked the Prime Minister’s Twitter account and posted anti-immigrant messages, calling for a “White revolution”.
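
The Egypt case above turns on the article's point that an authorised third-party app keeps its access after the target changes their password, so recovery means revoking the grant itself. As an added example (not part of the original article), this Python script triages a constructed inventory of one account's OAuth grants and returns the ones that still expose the mailbox. The app names, client IDs and timestamps are made up, and the rule that only explicit revocation ends a grant is the article's premise, modelled here as an assumption.

```python
from datetime import datetime

# Google OAuth scopes that expose mailbox contents.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}
CAL = "https://www.googleapis.com/auth/calendar.readonly"

# Constructed grant inventory for one account; apps and client IDs are hypothetical.
GRANTS = [
    {"app": "Secure Mail Upgrade", "client_id": "client-a",
     "scopes": ["https://mail.google.com/"],
     "granted": "2019-02-03T09:14:00+00:00", "revoked": None},
    {"app": "Calendar Sync", "client_id": "client-b", "scopes": [CAL],
     "granted": "2018-11-12T08:00:00+00:00", "revoked": None},
    {"app": "Desktop Mail Client", "client_id": "client-c",
     "scopes": ["https://www.googleapis.com/auth/gmail.modify"],
     "granted": "2018-06-01T10:00:00+00:00", "revoked": None},
    {"app": "Doc Viewer", "client_id": "client-d",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
     "granted": "2019-01-20T12:00:00+00:00", "revoked": "2019-02-10T12:00:00+00:00"},
]

def triage(grants, password_changed, now, trusted_clients=frozenset()):
    """Return live, untrusted grants with mailbox scopes, longest exposure first."""
    changed, now = datetime.fromisoformat(password_changed), datetime.fromisoformat(now)
    findings = []
    for g in grants:
        granted = datetime.fromisoformat(g["granted"])
        revoked = datetime.fromisoformat(g["revoked"]) if g["revoked"] else None
        # Assumption taken from the article: only explicit revocation ends a
        # grant; a password change does not.
        if revoked is not None and revoked <= now:
            continue
        mail = sorted(MAIL_SCOPES.intersection(g["scopes"]))
        if not mail or g["client_id"] in trusted_clients:
            continue
        findings.append({
            "app": g["app"],
            "client_id": g["client_id"],
            "mail_scopes": mail,
            "survived_password_change": granted < changed,
            "exposure_days": (now - granted).days,
        })
    return sorted(findings, key=lambda f: f["exposure_days"], reverse=True)

if __name__ == "__main__":
    for f in triage(GRANTS, "2019-02-05T18:00:00+00:00",
                    "2019-03-01T00:00:00+00:00", {"client-c"}):
        print("REVOKE", f)
```

Passing an empty `trusted_clients` set makes the long-lived desktop client show up as well, which is the review an incident responder would do before deciding what to allow-list.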