Recent Cyber Events and Possible Implications for Armed Forces
#3 – June 2020
About this paper
This paper is the collaborative view of NATO CCDCOE researchers highlighting the potential effects
on the military of current events and of developments in cyberspace during the previous month,
based on publicly available information. It does not set out to be exhaustive. While the authors have
made every effort to describe events from a perspective relevant to NATO and partner nations, there
may be national and regional differences which this paper does not address.
The authors of this paper are independent researchers at the NATO CCDCOE; they do not represent
NATO, nor does this paper reflect NATO’s position. The aim of the paper is not to replace information
about vulnerabilities and incidents provided by CSIRTs and providers of CIS products and services.
1. Targeted threats against the military and national security
APT uses one breached government organisation to attack others
‘After five years under the radar, the Naikon
APT group has been unmasked in a long-term
espionage campaign against several
governments in the Asia-Pacific region. […]
Specifically targeted are government ministries
of foreign affairs, science and technology,
and government-owned companies.’
(Threatpost, 7 May 2020)
‘Interestingly, the group has been observed
expanding its footholds on the various
governments within APAC by launching
attacks from one government entity that has
already been breached, to try and infect
another.’ (Check Point Research, 7 May
2020).
The modus operandi of this APT is interesting
and clearly shows how defence in depth is
important and how even otherwise trusted
parties can pose a risk of malware infections.
For example, the Check Point report mentions
an embassy unknowingly sending
malware-infected documents back to its home country.
Since the cybersecurity posture of different
organisations can vary a great deal, this tactic
may be effective in reaching targets that may
otherwise be difficult to breach.
Air-gapped systems not as secure as one may believe
Air-gapped refers to a computer or network of
computers with no network connection to any
other systems. The lack of network connections
makes such systems more difficult to reach for an
attacker.
‘Cybersecurity researcher Mordechai Guri
from Israel's Ben Gurion University of the
Negev recently demonstrated a new kind of
malware that could be used to covertly steal
highly sensitive data from air-gapped and
audio-gapped systems using a novel acoustic
quirk in power supply units that come with
modern computing devices.’ (The Hacker
News, 4 May 2020)
Air-gapped systems are common in military
installations and national security systems
and are generally considered much more
secure than systems connected to the internet
or other public networks.
The article quoted above is one example of
how information may be exfiltrated from an
air-gapped system. Over the years, researchers
have presented several similar techniques
using radio waves, light or sound generated
by malware. Even though not all these
techniques are practical in every situation,