Cyberwarfare statistics: A decade of geopolitical attacks

Updated on: 16 October 2019

There have been almost 500 documented geopolitical cyber attacks around the world since 2009, making cyberwarfare a major technological threat to nations and their citizens.

In this article, we hope to break down some of the numbers and gain insight into the nature of these attacks, where they originate from, and who they’re targeting.

Key observations

  • Between 2009 and 2018 there was a 440% increase in global cyberwarfare attacks.
  • 30% originated in China or Russia.
  • 26.3% targeted the USA.
  • 27% of attacks on the USA occurred in 2018.

Geopolitical cyber attacks 2009 - 2019

Between 2009 and 2018 there was a 440% increase in global documented attacks.

The biggest increase in the number of attacks occurred in the last four years, with 2019 on course to be the biggest year ever for geopolitical cyber attacks.

Global cyberwarfare attacks

The data combines state attacks on other states, individual and group attacks on states, and state attacks on internal individuals and groups.

Biggest sources of cyberwarfare attacks 2009-2019

By far the biggest actors on this scene are China and Russia, with almost 35% of global attacks originating in either China or Russia. There have been 79 confirmed attacks on national governments that have originated in China, and 75 in Russia.

Next are North Korea and Iran, sharing 16% of global attacks, followed by the USA, where 3% of global attacks originated.

It’s extremely important to remember here that, due to the very nature of cyberwarfare and cyberespionage, many attacks go under the radar, so we don’t tend to hear about them.

Sources of cyberwarfare attacks excluding unknown

 

An interesting case is the apparent use of the Eternal Blue vulnerability that the NSA developed tools to exploit. These tools were detected by China and subsequently used during the massive ransomware attack on Baltimore in 2019. Of course, questions have to be asked of the NSA, but Microsoft patched this vulnerability in 2017, and Baltimore officials simply ignored it and failed to update their computers.

Now, it wasn’t until the NSA discovered that their tool had been used to develop ransomware that they alerted Microsoft to the critical vulnerability, so without that we would never have known about their attacks on China.

Attacks originating in China 2009 – 2019

Between 2009 and 2019 there have been 79 documented cyber attacks carried out by Chinese state-sponsored attackers, targeting 20 countries.

Evolution of attacks attributed to China

 

Targets of Chinese attacks

 

32% of China’s attacks were directed at the USA, making the USA by far the biggest target for Chinese hackers.

Hong Kong is also a frequent target of Chinese hackers, including (allegedly) the Telegram DDoS hack during the 2019 Hong Kong anti-government protests.

Chinese hacking efforts increased significantly in 2018, and continue to do so in 2019.

Attacks originating in Russia 2009 – 2019

Russian attackers targeted 19 countries in 75 incidents between 2009 and 2019.

The main target of Russia was the USA, but they also attacked 8 European Union countries, including a series of attacks on the German parliament.

Ukraine was also targeted frequently by Russia, suffering at least 9 attacks between 2017 and 2019, and several more attacks thought to be of Russian origin, such as the December 2015 attack on the country’s power grid that shut down electricity supplies to residents of Kiev.

Evolution of attacks attributed to Russia

 

Russia quickly became highly active after 2014, with 47% of Russian attacks over the past decade being carried out in 2018.

Targets of Russian attacks

 

Attacks originating in North Korea 2009 – 2019

North Korea carried out 32 attacks against 9 countries between 2009 and 2019, with more than half occurring in 2017 and 2018.

12 North Korean attacks were against South Korea, including the December 2018 hack of the Hana refugee center, in which the personal data of over 1000 North Korean defectors was accessed.

North Korean attacks have also been aimed at circumventing UN sanctions in order to raise money for the country’s nuclear program.

Evolution of attacks attributed to North Korea

 

Targets of North Korean attacks

 

Attacks originating in Iran 2009 – 2019

Iran targeted 7 countries in 31 attacks, with 42% aimed at the USA.

Iran targeted Israel a number of times, including the March 2019 hack of former IDF chief and opposition leader Benny Gantz’s cellphone ahead of the parliamentary elections.

Other incidents originating in Iran include the June 2017 attack on British members of parliament, in which official email accounts were hacked, and the June 2019 hack of telecommunications services in Iraq, Pakistan, and Tajikistan.

Evolution of attacks attributed to Iran

 

Targets of Iranian attacks

 

Attacks originating in the USA 2009 – 2019

The USA has been the source of at least 12 global cyber attacks over the past ten years, with half of those occurring in 2019.

Three of the known attacks originating from the USA targeted North Korea, with China and Iran being attacked twice each.

Chinese technology giant Huawei has been at the centre of controversy since early 2019 when the US government accused the firm of conducting espionage against American companies on behalf of the Chinese government. Huawei later accused the United States of attempting to infiltrate its networks and harassing its employees.

We also know of controversial ongoing cyber attacks on the Russian power grid, in what’s said to be a deterrent to Russia. Critics of the methods used say it risks making public utilities a legitimate target, and that the tactic could escalate quickly to a cold-war scenario.

Whilst the number of known attacks carried out by the USA is low, it is likely that there are many ongoing situations yet to be discovered.

Evolution of attacks attributed to the USA

 

Targets of USA attacks

 

Most frequent targets of cyberwarfare attacks 2009-2019

Targets of cyberwarfare attacks excluding unknown

 

The USA has been attacked a far greater number of times than any other nation, with 115 documented attacks originating in at least 7 countries.

Germany and South Korea each suffered at least 16 separate incidents, with attacks on Germany mainly originating in Russia and China, and those targeting South Korea originating in China and North Korea.

India was attacked mainly by Pakistan and China, while Ukraine was solely targeted by Russia.

The United Kingdom was attacked by Iran, China, Russia, and North Korea.

Attacks targeting the USA 2009 – 2019

Attacks against the USA have grown steadily over the past decade, with a sharp increase in 2017, which was almost doubled in 2018.

More than 50% of attacks targeting the USA originated in China or Russia, with a further 27.8% of unknown origin.

In July 2019 Microsoft reported that they had issued almost 800 notifications to political campaigns, NGOs, and think tanks of cyber attacks originating in Russia, China, Iran, and North Korea.

Evolution of attacks targeting the USA

 

Attackers targeting the USA

 

Attacks targeting Germany 2009 – 2019

Germany was attacked 16 times between 2009 and 2019, with 37.4% being attributed to Russia.

Russian hackers stole 16GB of data from the German parliament during a series of attacks against the country in 2018. The attacks were first discovered by British and Dutch intelligence agencies. Russia denies the accusations.

German politicians were also targeted in 2019, when sensitive data of hundreds of public figures was published via Twitter in one of the biggest attacks against the country.

Evolution of attacks targeting Germany

 

Attackers targeting Germany

 

Attacks targeting South Korea 2009 – 2019

75% of attacks against South Korea were of North Korean origin, with at least 12 attacks coming from the rogue state. A further three attacks came from China, and one was of unknown origin.

In 2011, Chinese hackers accessed personal data of 35 million South Koreans. The hack followed a series of Chinese attacks on South Korean financial institutes.

Attacks against South Korea have been occurring steadily over the past decade, with a slight increase in frequency after 2016.

Evolution of attacks targeting South Korea

 

Attackers targeting South Korea

 

Attacks targeting the UK 2009 – 2019

Attacks against the UK originated in China, Russia, Iran, and North Korea, with one third of attacks being untraceable or of unknown origin.

In 2018, the so-called WannaCry attack targeted the UK’s National Health Service, crippling networks and costing the NHS £20m to clean up and requiring a further £72m in upgrades to the network.

This attack used the same vulnerability discovered but not disclosed by the NSA.

Evolution of attacks targeting the UK

 

Iran has been seriously stepping up its cyberwarfare game in the past couple of years. The December 2018 attacks on the UK targeted government institutions and private companies, and resulted in the loss of thousands of employees’ personal details.

Attackers targeting the UK

 

Attacks targeting India 2009 – 2019

Out of a total of 14 major cyberwarfare attacks on India in the past decade, five were of unknown or undisclosed origin, while four each came from China and Pakistan, and one from North Korea.

One of the biggest data breaches in history occurred in 2018 when the Unique Identification Authority, India’s biometric ID system, was hacked and the personal data of over 1 billion people sold online.

Evolution of attacks targeting India

 

Attackers targeting India

 

Most frequent attacks

Frequent attacks

Some countries come up time and again as the source of cyberwarfare incidents, and some certainly seem to have their favourite target.

Between 2009 and 2019, Russia, China, and Iran attacked the USA a total of at least 72 times, accounting for around 15% of global attacks.

South Korea was attacked by North Korea on at least 12 occasions, and Ukraine by Russia at least 9 times.

Attacks on home soil

It’s not just states attacking other states that we see, but also a rapid rise in internal attacks, either carried out by the state on the people, such as in Egypt, or against the state by the country’s nationals.

Internal cyberattacks

USA

A hacker group with members from the USA was charged with the 2016 Securities and Exchange Commission breach, in which the group gained access to a filing system and used the information to make $4.1M in illegal trades.

Mexico

Colleagues and friends of murdered journalist Javier Valdez were targeted by a Mexican government agency using the spy tool Pegasus. Starting in 2016, many of Mexico’s most prominent journalists were targeted, especially those that held the nation’s leaders accountable to the people.

United Arab Emirates

From 2016, a team of former US government intelligence operatives working for the UAE hacked into the iPhones of activists, diplomats, and rival politicians. The attack wasn’t aimed solely at those in the country. Attackers used Karma – a tool developed by the US intelligence service.

Egypt

Human rights activists and journalists were targeted in a spear-phishing campaign carried out by the Egyptian government. The attack used social engineering to trick targets into allowing a third-party app to access their account using the user’s Gmail OAuth token. Once authorised, the attackers retained access even if the target changed their password.

Iran

Cybersecurity research organisation Check Point discovered that Iranian government agencies had targeted Kurdish and Turkish natives in Iran, along with suspected ISIS supporters, with spyware in order to collect sensitive information including phone call records, SMS, browser history, geo-location history, photos, videos, and more.

Turkey

Protesters in Turkey were targeted in 2018 by the government, using spyware developed by FinFisher. The spyware was aimed at activists, journalists, and members of the public involved in the March for Justice movement.

Vietnam

Attackers allegedly working for the Vietnamese government hacked computers of journalists, bloggers, and international workers in the country as part of a cyberespionage program denied by the government.

Philippines

Personal information of more than 50 million Filipinos was exposed after the country’s electoral records database was hacked. The data, which included highly personal information such as fingerprints, was stolen by the Anonymous Philippines group.

Czech Republic

Right-wing groups in the Czech Republic hacked the Prime Minister’s Twitter account and posted anti-immigrant messages, calling for a “White revolution”.

Conclusion

Cyberwarfare is a rapidly increasing threat across the globe, with documented attacks targeting 56 countries in the past 10 years. Using state-of-the-art technologies, military and government agencies are focusing more and more resources on offensive and defensive mechanisms for cyberwarfare and geopolitical attacks.

The technology required for sophisticated cyber attacks is becoming more ubiquitous. As a result, it can only be assumed that the current trend of increasing frequency of cyberwarfare attacks will continue upward, and new state actors will continue to appear.


Written by: Joe Robinson

Data privacy and cyber security expert. Joe has been working in the VPN field for over seven years, and has a passion for analysis and debate. He loves learning new technologies and software, and regularly uses everything from Kali Linux to Pro-tools. When not writing about digital security, Joe helps businesses improve their website usability and spends his free time playing guitar and reading about data science, IoT, and philosophy.
