Recent Cyber Events and Possible
Implications for Armed Forces
#1 – April 2020
About this paper
This paper is the collaborative view of NATO CCDCOE researchers highlighting the potential effects
on the military of current events and of developments in cyberspace during the previous month,
based on publically available information, but it does not set out to be exhaustive. While the authors
have made every effort to describe events from a perspective relevant to NATO and partner nations,
there may be national and regional differences which this paper does not address.
The authors of this paper are independent researchers at the NATO CCDCOE; they do not represent
NATO, nor does this paper reflect NATO’s position. The aim of the paper is not to replace information
about vulnerabilities and incidents provided by CSIRTs and providers of CIS products and services.
1. COVID-19 changes the cyber
landscape
NATO CyOC: ‘A global challenge exists with
COVID-19 impacting a number of areas.
Cyberspace is no different. Where most seek
solutions to mitigate or resolve the crisis,
others see opportunity. Cyberspace actors are
quick to spread malware and launch attacks,
attempting to capitalise on the public’s need
for information during the coronavirus
outbreak.’
European External Action Service (EEAS):
‘The coronavirus is a relentless and daily topic
in pro-Kremlin media, including state-owned
outlets. As of 19 March, the East StratCom
Task Force has collected over 110 corona-
related disinformation cases in the public
EUvsDisinfo database since 22 January 2020.
These messages are characteristic of the
Kremlin’s well-established strategy of using
disinformation to amplify divisions, sow
distrust and chaos, and exacerbate crisis
situations and issues of public concern’.
Foreign Policy Research Institute: ‘It is not
surprising […] that the Kremlin, even if it has
not explicitly commissioned a disinformation
campaign, sees value in having its news and
information outlets push narratives that seek
to accelerate discord and disunity among
NATO members. Depending on the course of
the pandemic, we could very easily see a new
Russian information campaign. Such a
campaign would target publics in southern
and western Europe and would question the
value of an alliance which was ineffective in its
response to the virus but which demands that
they be prepared to risk conflict with Russia—
while also sowing more doubts in both NATO
and non-NATO neighbors about how much
faith they are willing to place in alliance
guarantees.’
The Hacker News: ‘The direct impact of the
Coronavirus is a comprehensive quarantine
policy that compels multiple organizations to
allow their workforce to work from home to
maintain business continuity. This inevitably
entails shifting a significant portion of the
workload to be carried out remotely,
introducing an exploitable opportunity for
attackers.’
Impact
Increased remote working
One of the most noticeable effects of the
spread of COVID-19 is the dramatic increase
in remote working. An unprecedented number
of people are working from home and holding
meetings via teleconferencing solutions such
as Zoom, Skype or Teams.
The quick switch to this mode of working has
created new vulnerabilities and risks and
malicious actors have not been slow in
identifying this and attempting to capitalise on
