behind venal attacks, espionage and sabotage

The National Information Systems Security Agency (ANSSI) published on March 8 its overview of the computer threat in 2021. The Agency, in charge of cyber defense and assistance to the most critical French operators, recalls: “While for-profit attacks have occupied the media scene, they should not overshadow the espionage campaigns, which are by their very nature less visible, and those conducted with the aim of computer sabotage.”

States hide in the shadow of cybercriminals, according to ANSSI

In 2021, ANSSI became aware of 1,082 intrusions against operators deemed vital or essential for France. This figure is up 37% over one year. Of that total, 203 involved ransomware, one of the most publicized forms of attacks during the year.

This tool is certainly very popular with cybercriminals because it is particularly lucrative, but it can also be used by state actors. One of the well-documented cases is that of North Korea. The country, isolated on the international scene, raises cash through this type of cyberattack. A 2021 United Nations report states that the regime stole $316 million worth of digital assets in 2020.

Money is not the only ransom that hackers can demand during a cyberattack. For the first time, in 2021, ransomware was used for political purposes in India. It was intended to protest against agrarian reform. It is also by this means that the Belarusian Cyber-Partisans group came to demand the release of political prisoners in Belarus and to slow down the arrival of Russian forces in the territory.

China, a nest of cyber spies

The usual techniques of cybercrime, such as phishing and ransomware, can be reused by state entities; this is one of the points on which ANSSI insists. A 2021 espionage campaign against French organizations, using the APT31 modus operandi, did just that.

Espionage, discreet by nature, is the threat par excellence that ANSSI combats. In 2021, “of the 17 cyber defense operations handled by ANSSI, 14 were linked to computer espionage operations”. Unusually for the Agency, a country is indirectly singled out in its publication.

It explains that of the 14 cases of espionage, 9 involved “reputable Chinese operating methods”. Added to this: “out of 8 major incidents, 5 concern reputable Chinese Attack Operating Modes”. On the day of the report’s release, cybersecurity firm Mandiant accused a Chinese hacker group, APT41, suspected of being under Beijing’s orders, of hacking into at least 6 US states. According to US intelligence, China is the largest, most active and most persistent cyber espionage threat to the United States.

Cyberattacks also threaten infrastructure

After money and intrusions for espionage purposes, there remains the most feared risk of cyberattack, one often staged in the cinema: the destabilization of critical infrastructure.

In fact, ransomware affecting hospitals in France has disrupted their operations and put the lives of their patients in danger. Similarly, the Colonial Pipeline attack in May 2021 temporarily cut off fuel supplies to the US East Coast.

In France, Emmanuel Macron intervened in February, after yet another attack, to strengthen the country’s cybersecurity. The United States has decided to go even further, by placing ransomware on the same level as terrorism. Several groups have been dismantled and some of their protagonists arrested thanks to international cooperation.

For ANSSI, this could encourage the mass of cybercriminals to avoid critical structures where they can simply steal information. Only sufficiently well-resourced groups, capable of ensuring their anonymity, will take the risk. State actors are the first among them.

Particularly serious cases of hacking have also been noted. In April 2020, a sewage management facility was attacked in Israel, with no consequences. Iran, held responsible, suffered a counter-attack: one of its ports saw its cargo flow regulation systems cut. In a case close to that of Israel, in 2021 US cybersecurity agencies reported that a drinking water treatment plant had been infiltrated: “They allegedly manipulated the level of sodium hydroxide in a potential poisoning attempt”.

National and international events in France make it a potential target, ANSSI fears

These extreme cases seem rather rare and above all linked to failures in cybersecurity measures. However, ANSSI warns: “Targeting of critical infrastructure by state-level actors is likely to continue, especially amid heightened geopolitical tensions”.

ANSSI continues to call for “special vigilance of all stakeholders”, while cybersecurity finally appears to be taken seriously beyond specialized circles. The upcoming major events in France, namely the legislative and presidential elections this year, the 2023 Rugby World Cup and the 2024 Olympics, “will be as many events as the attackers will seek to exploit”, warns ANSSI.
