Cyber espionage attacks by state or para-state entities are on the increase, targeting European companies. They mainly target organisations that are essential to a country’s functioning or economy.

 

Consequences of geopolitical instabilities

An upsurge in state and para-state attacks

Since the war in Ukraine, conflicts in cyberspace have continued to intensify and the typology of cyberattackers has diversified. More and more state actors are using traditional cybercrime methods, such as ransomware, to target private or public organisations. As a result, it is becoming increasingly difficult to identify precisely the perpetrators of these malicious activities. What’s more, the techniques used are more sophisticated and therefore more effective, as they mobilise more resources and cause more damage. In fact, the fight against cyberespionage has been made one of the ANSSI‘s main missions for 2022. Cyber espionage can affect information systems for months without being noticed by organisations.

In 2022, 150 cyber-state attacks were recorded, 77% of which involved espionage operations. In 2023, the percentage has already risen to 83% of all state cyber attacks, even though the year is not yet over.

Mainly of Chinese or Russian origin, these state and para-state espionage attacks pursue different objectives, depending on the case:

  • the collection of confidential data,
  • computer or physical sabotage of a critical infrastructure
  • or political destabilisation.

Sensitive sectors particularly targeted by cyber espionage

Government organisations, businesses, public authorities and research institutes are among the prime targets of cyber espionage. It is from these organisations that cyber attackers can gather sensitive data linked to a nation’s economic, industrial or scientific activity. This can start by hacking into employees’ e-mail accounts to retrieve confidential information.

ANSSI recently stated that several cyber espionage attacks, targeting French companies in particular, had been carried out by the APT 28 (or Fancy Bear) hacker unit, which is close to the Russian military intelligence services. The attackers are said to have exploited several security flaws to infiltrate Outlook e-mail accounts between March 2022 and June 2023.

What are the consequences of cyber espionage?

Financial impact on businesses

Cyber espionage has a significant economic impact on companies. Firstly, the attack is generally discovered several months after the infiltration and is immediately publicised in the media. This damages the organisation’s image and leads to a loss of confidence on the part of its customers and partners. Industrial espionage can also lead to the loss of markets and the theft of data relating to the organisation’s intellectual property. All these factors can destabilise companies financially.

Damage to national interests

Moreover, spying on companies operating in critical sectors can pursue interests other than financial ones. For example, when it comes to infrastructures linked to the energy, ICT or health sectors, cyber espionage contributes to the destabilisation of a country in economic, social and even security terms.

Against a backdrop of war and the threat of terrorism, government agencies are targeting strategic sectors. In 2023, it was discovered that Mirage, a Chinese cyberthreat, had infiltrated the networks of the German Federal Agency for Cartography and Geodesy in December 2021. Although the type of information compromised is not yet known, this clearly demonstrates that these attacks can deeply corrupt a system and potentially take hold over time. 

 

Strengthening European cyber security is more essential than ever

With the NIS 2 or DORA Directive, Europe is now preparing to strengthen the cyber security of the most sensitive organisations, particularly in the face of cyber espionage.

State cyber-attacks also fall within the scope of national cyber-defence. Military cyber defence players are mobilising to defend the information systems of critical organisations, in order to prevent state or private organisations from being paralysed. Similarly, the DGSI contributes to cyber defence by detecting and identifying cyber interference by the state as early as possible.

The 2024 Olympic Games: a favourable context for destabilising companies

On the eve of the 2024 Olympic Games in Paris, the authorities are already warning of an “unprecedented level of risk of cyber attacks“, which could also target businesses, again with the aim of destabilising the host country.

Organisations in all essential and critical sectors need to be prepared for a potential cyber crisis. Technical cyber protection measures are expected, particularly to protect confidential communications and data. But it is also advisable to step up in-house training in good cybersecurity practices. Employees and managers are generally the first point of entry into a company’s IS in the event of cyber espionage.