In a world increasingly interconnected through technology, the lines between geopolitical motivations and cybercrime have blurred. According to OpenText’s latest Threat Hunter Perspective 2024, a significant evolution in the threat landscape is underway, marked by unprecedented collaboration between nation-states and cybercriminal syndicates.
The report, released today, reveals how cyberattacks have grown in both scale and sophistication, with nation-states such as Russia and China now directly coordinating with organized crime rings to target global supply chains and influence political outcomes. “Our threat intelligence and experienced threat hunting team have found that nation-states are not slowing down and, as notable events like the U.S. presidential election get closer, every organization in the global supply chain needs to be on high alert for advanced and multiple cyberattacks,” said Muhi Majzoub, executive vice president and chief product officer of OpenText.
Cybercrime on the Rise: No Longer Just Petty Theft
The economic impact of cybercrime has reached eye-watering levels. Projections from Cybersecurity Ventures indicate that the cost of cybercrime will escalate to $9.5 trillion in 2024 and surge to $10.5 trillion by 2025. This increasing cost isn’t just due to the proliferation of attacks but also reflects their complexity. The combination of politically motivated entities and seasoned criminal groups has led to coordinated operations that are both multifaceted and destructive.
The implications for Chief Information Security Officers (CISOs) are clear: it’s no longer a matter of if an attack will happen but rather when, how, and who will be behind it. OpenText’s report emphasizes that effective threat hunting now involves understanding not only the technical aspects of an attack but also the geopolitical and strategic motivations of its perpetrators. Connecting these dots is key to improving defense strategies.
A Deepening Web of Collaboration
The Threat Hunter Perspective highlights several worrying trends in the threat landscape. Notably, it points to organized crime rings providing support to nation-states—whether through direct collaboration or indirect coordination—often targeting the same objectives simultaneously.
Russia, for instance, has collaborated with malware-as-a-service groups like Killnet, Lokibot, Ponyloader, and Amadey. Meanwhile, China has partnered with rings such as Storm0558, Red Relay, and Volt Typhoon, primarily to further its geopolitical agenda in the South China Sea. These partnerships represent a new kind of alliance where cybercriminal gangs effectively act as privateers in cyberspace, striking at the command of state actors.
The report’s findings underscore how global supply chains are especially at risk. Attackers are focusing on disruptions with widespread ripple effects, such as compromising port operations or targeting transportation networks. Such disruptions could have a critical impact, for instance delaying military aid to Ukraine or interfering with other essential supply lines, all while evading direct confrontation.
The Top Threats: Patterns and Schedules
In addition to illuminating who is behind these cyberattacks, the report provides insight into the methods and timings of these operations. The top threats cited include Killnet, a group specializing in distributed denial of service (DDoS) attacks, Lokibot, an info-stealing malware, and Cobalt Strike, a penetration testing tool commonly repurposed by advanced persistent threat (APT) groups.
Nation-state actors have also displayed particular attack patterns. Russian cyberactivity typically follows a predictable weekday schedule, with notable spikes occurring within 48 hours of adversarial geopolitical announcements. In contrast, Chinese operations seem to lack such routine but often schedule data exfiltration attempts for Friday afternoons or weekends—a timing chosen to avoid detection, with data broken into smaller, less noticeable portions.
“Enterprises need to be prepared for large-scale attacks, making adversarial signals, threat intelligence, and defense capabilities more important than ever,” added Majzoub. Organizations must therefore take heed of these evolving tactics to strengthen their cyber defenses.
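The timing pattern described above (exfiltration on Friday afternoons or weekends, split into smaller portions) can be turned into a simple hunting query over egress records. The sketch below is an added example, not code from the OpenText report; the record layout, host names, destination addresses and all thresholds are assumptions chosen for illustration, and timestamps are assumed to be in the monitored site's local time.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample egress records: (site-local ISO timestamp, source host,
# destination, bytes sent out). Destinations are documentation-range addresses.
SAMPLE_FLOWS = [
    ("2024-10-11T14:05:00", "ws-17", "203.0.113.40", 4_200_000),  # Friday afternoon
    ("2024-10-11T16:40:00", "ws-17", "203.0.113.40", 4_800_000),
    ("2024-10-12T02:10:00", "ws-17", "203.0.113.40", 4_500_000),  # Saturday
    ("2024-10-12T11:30:00", "ws-17", "203.0.113.40", 4_900_000),
    ("2024-10-13T03:15:00", "ws-17", "203.0.113.40", 4_100_000),  # Sunday
    ("2024-10-13T21:50:00", "ws-17", "203.0.113.40", 4_700_000),
    ("2024-10-09T10:00:00", "ws-17", "203.0.113.40", 4_000_000),  # Wednesday: outside window
    ("2024-10-12T01:00:00", "db-02", "198.51.100.9", 900_000_000),  # one large transfer
    ("2024-10-11T09:30:00", "ws-22", "192.0.2.77", 3_000_000),    # Friday morning
    ("2024-10-12T13:00:00", "ws-22", "192.0.2.77", 2_000_000),
    ("2024-10-13T13:00:00", "ws-22", "192.0.2.77", 2_000_000),
]

# Assumed thresholds; tune against a baseline of normal off-hours traffic.
CHUNK_MAX = 5_000_000    # a "small" transfer is at most 5 MB
MIN_CHUNKS = 5           # at least this many small transfers in one window
TOTAL_MIN = 20_000_000   # that together move at least 20 MB

def in_quiet_window(ts):
    # Friday from noon onward, or any time on Saturday or Sunday (Monday == 0).
    return ts.weekday() in (5, 6) or (ts.weekday() == 4 and ts.hour >= 12)

def flag_chunked_exfil(flows, chunk_max=CHUNK_MAX, min_chunks=MIN_CHUNKS, total_min=TOTAL_MIN):
    """Return source/destination pairs sending many small transfers in one quiet window."""
    groups = defaultdict(list)
    for stamp, src, dst, nbytes in flows:
        ts = datetime.fromisoformat(stamp)
        if in_quiet_window(ts) and nbytes <= chunk_max:
            # ISO weeks run Monday to Sunday, so one Friday-to-Sunday span shares a key.
            week = tuple(ts.isocalendar()[:2])
            groups[(src, dst, week)].append(nbytes)
    findings = []
    for (src, dst, week), sizes in sorted(groups.items()):
        if len(sizes) >= min_chunks and sum(sizes) >= total_min:
            findings.append({"src": src, "dst": dst, "iso_week": week,
                             "chunks": len(sizes), "total_bytes": sum(sizes)})
    return findings

if __name__ == "__main__":
    for finding in flag_chunked_exfil(SAMPLE_FLOWS):
        print(finding)
```

Single large transfers such as the `db-02` record are deliberately left to ordinary volume-based alerting; this check targets only the low-and-slow pattern that volume thresholds miss.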
Evasion, Misdirection, and the Art of Masquerading
Another trend uncovered by OpenText is the increasing reliance on evasion tactics, misdirection, and masquerading to bypass security systems designed to stop direct attacks. Attackers are exploiting weaknesses in fundamental security practices, leaving many organizations exposed due to failure to implement basic countermeasures.
Many nations with weaker cyber defense infrastructure—including the Democratic Republic of Congo, Argentina, Iran, Nigeria, Sudan, Venezuela, and Zimbabwe—have been compromised. Their vulnerabilities provide fertile ground for large-scale attacks, and the lessons for enterprises everywhere are stark: weak links, whether within an organization or across the broader geopolitical landscape, make the entire system vulnerable.
The Road Ahead
With the 2024 U.S. presidential election drawing near, and geopolitical tensions simmering worldwide, the threat landscape is only set to intensify. Attackers have already shown a focus on specific events, whether they are global holidays, military aid deliveries, or moments of political upheaval. Cybercriminals have become adept at capitalizing on moments of distraction to launch their attacks, turning otherwise mundane dates into times of imminent peril.
The collaboration between nation-states and cybercrime rings adds a chilling layer of complexity to the current threat landscape. For organizations embedded in global supply chains, vigilance has become the watchword. The days when cybersecurity was simply a matter of IT hygiene are over. Today, effective defense requires an understanding of how international politics, organized crime, and sophisticated cyber tactics intersect.
As the digital era progresses, one thing is clear: collaboration between adversaries is growing stronger. Enterprises must, therefore, collaborate just as effectively to combat these threats—sharing intelligence, improving defenses, and recognizing that in this interconnected world, the cyber resilience of one depends on the resilience of all.