Intelligence assessment warns of increasing cyber threats from China, Russia

The U.S. and its allies will face “a diverse array of threats” over the next year, most notably from China, Russia, Iran, and North Korea, an annual threat assessment from the U.S. intelligence community concluded on Tuesday.

The report was issued by the Office of the Director of National Intelligence ahead of congressional hearings on Wednesday and Thursday, which will include testimony from ODNI Director Avril Haines, CIA director William Burns, FBI director Christopher Wray, NSA director General Paul Nakasone, and other intelligence leaders. The hearings are typically an annual event, though officials under President Donald Trump did not participate last year after he criticized the 2019 testimony for being too rosy on Iran’s nuclear measures.

The report issued Tuesday suggests many topics will be on the agenda, including the ongoing COVID-19 pandemic, border escalations mainly involving China, and nuclear deals. But it also highlighted how each of the U.S.’s main adversaries are enhancing and exercising their cyber capabilities to influence elections, disrupt critical infrastructure, and steal technology.

China

China, which was described in the report as increasingly “a near-peer competitor” to the U.S., poses a “prolific and effective cyber-espionage threat” with substantial capabilities to conduct attacks. In addition to its surveillance and IP theft capabilities, the report warned that Beijing is capable of attacks that could potentially cripple the U.S.’s most important assets.

“We continue to assess that China can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States,” the report said.

Beijing-linked hacks have compromised telecommunications firms, managed services providers, and widely-used software products, which can give nation-state attackers a foothold that can be used for future attacks, influence operations, or espionage.

The report also highlighted a connection between China’s cyber espionage capabilities and its use of surveillance systems to monitor its population and repress its minority groups, including Uyghurs. “Beijing conducts cyber intrusions that affect U.S. and non-U.S. citizens beyond its borders… as part of its efforts to surveil perceived threats to [Chinese Communist Party] power and tailor influence efforts,” the report said, citing attacks against journalists and tools that allow free speech online.

Russia

While the report focused on China’s capabilities in cyberspace, it described Russia as a more immediate threat that is actively using its tools to wreak havoc.

“Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis,” the report said.

The intelligence community earlier this year attributed the sprawling SolarWinds breach and subsequent compromise of government and private sector networks to Russia. Cybersecurity experts have linked the attack specifically to the country’s foreign intelligence service, and the intelligence chiefs are expected to discuss the incident in detail during their testimony over the next two days. John Hultquist, vice president of intelligence analysis at FireEye—the cybersecurity firm that spotted the first signs of the SolarWinds attack—said that the report reaffirms Russia's involvement in the attack.

Supply chain security mentioned, but more importantly, ODNI appears to be doubling down on Russian attribution for the Solar Winds intrusions here. 6/x pic.twitter.com/i0ydqpfpW8

— John Hultquist (@JohnHultquist) April 13, 2021

The report mentioned attempted Russian hacks in 2019 that targeted journalists and organizations that were investigating Russian government activity. In at least one case, the hackers leaked sensitive information about the target, in a similar fashion to the country’s hack-and-leak operation during the 2016 U.S. presidential election.

The report warned that Russia is willing to use its cyber capabilities to defend against what it sees as threats to the stability of the Russian government. “Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts,” according to the report.

Iran

Iran poses a “significant” cyber threat to the U.S. for its willingness to conduct aggressive attacks against its foreign adversaries, but will most likely focus on online covert influence campaigns to spread disinformation and amplify anti-U.S. content, the report suggests.

For example, “Iran attempted to influence dynamics around the 2020 U.S. presidential election by sending threatening messages to U.S. voters, and Iranian cyber actors in December 2020 disseminated information about U.S. election officials to try to undermine confidence in the U.S. election.”

However, the country is also capable of conducting attacks on critical infrastructure, as seen in a period between April and July of last year when it launched multiple attacks against Israeli water facilities that caused short-term effects.

North Korea

Pyongyang’s cyber capabilities were given the shortest treatment in the report, though it described North Korea’s cyber program as “a growing espionage, theft, and attack threat.”

The country “probably” has the expertise to cause temporary, limited disruptions to some critical infrastructure and business networks in the U.S., and “may be able to conduct operations that compromise software supply chains,” the report said.

Several high-profile cyberattacks have been attributed to North Korea in the last decade, including the 2014 attack against Sony Pictures. More recently, cybersecurity experts have warned that the country is primarily using its cyber capabilities for financial gain—ransomware and digital bank heists give it a much-needed stream of income as the country deals with sanctions and trade restrictions. The report said North Korea has potentially stolen hundreds of millions of dollars from financial institutions and cryptocurrency exchanges worldwide, which may be used to fund its nuclear and missile programs.