Geopolitical Unrest Creates Breeding Ground for Cyberattacks

As detailed in NETSCOUT’s 2H 2021 Threat Report, the total number of distributed denial-of-service (DDoS) attacks decreased from 5.4 million in the first half of  2021 to 4.4 million in the second half of the year, totaling 9.8 million DDoS attacks for all of 2021. Most geographical regions experienced decreases in attacks during the second half of  2021. But a notable exception was the Asia Pacific (APAC) region, which had  more than 1.2 million attacks during this timeframe – a 7% increase from the second half of  2021. This becomes even more significant in light of the fact that the past three Threat Intelligence reports chronicle back-to-back declines in  this region.

One likely reason is the geopolitical tensions between China, Hong Kong, and Taiwan – as well as hostility against countries that support democratic governments in the APAC region. To better understand the ways  cyberattacks are used in relation to geopolitical events, consider the following attacks or incidents related to the APAC region during this period.

• In mid-July, the People’s Republic of China (PRC) was publicly condemned for a series of cyberattacks, including ransomware, cyberextortion, and cryptojacking, in an effort to steal trade secrets, business information, intellectual property, and vaccine research. The US. government, the European Union (EU), NATO, and the Five Eyes- the intelligence alliance made up of the US, UK, Australia, Canada, and New Zealand – leveled the charges against four Chinese nationals believed to be part of APT40, a group linked to the PRC Ministry of State Security.
• In November, the director for Taiwan’s cybersecurity department said that the country’s government agencies were being hit with 5 million cyberattacks and probes every day. Taiwanese officials claim China has increased cyberattacks targeting Taiwan’s government and businesses in direct proportion to China’s efforts to make democratic Taiwan part of its own territory.
• In December, the Microsoft Digital Crimes Unit (DCU) announced it had been given the authority to seize websites related to Nickel, a China-based hacking group that was attacking organizations in the US and 28 other countries. A US District Court approved shutting down the sites, blocking Nickel’s access to victims and preventing it from using websites to launch attacks. The move was made in response to evidence  the attacks were waged to gather intelligence from government agencies, think tanks, and human rights organizations.  
• Also in December, at least 13 organizations in sectors that include defense, healthcare, energy, and transportation were targeted by a suspected Chinese cybersecurity campaign that was investigated by the National Security Agency (NSA) and our partner organization, Palo Alto Networks’ Unit 42 division. The breach was made possible via vulnerable software used by more than 600 US organizations, including universities, state and local governments, and healthcare organizations.

As these examples illustrate, DDoS attacks are often  forms of geopolitical protest and waged to impact  governments and vital organizations of countries around the world.

Note: At the time of this blog post, the Russian-Ukrainian conflict is still happening. Prior to and during this time, the NETSCOUT ATLAS Security Engineering and Response Team (ASERT) has been monitoring DDoS attacks targeting both Russian and Ukrainian assets.

Learn more about the regional attack trends in the 2H 2021 Threat Report