Nation-state cyberattacks on critical infrastructure are becoming increasingly sophisticated and destructive, as highlighted by recent reports. In October 2024, attackers began exploiting vulnerabilities in Ivanti software used by critical sectors, including energy and transportation. These vulnerabilities allowed cyber actors to gain unauthorised access, move laterally within networks, and execute persistent attacks, sometimes even “patching” exploited systems to block other threat actors from entering the same vulnerabilities.
This latest wave of attacks fits into a broader pattern of nation-state actors targeting essential infrastructure globally. Russian, Chinese, Iranian, and North Korean hackers are often implicated in such attacks. Russia, for example, has been particularly aggressive in its use of cyber warfare, targeting Ukrainian and NATO-aligned infrastructure in attempts to disrupt energy, communications, and transportation systems. China’s espionage efforts have focused heavily on U.S. defence systems and partners in the South China Sea region, while Iranian actors have extended their reach, hitting not only Middle Eastern targets but also U.S. and EU-based critical sectors like ports and energy.
A significant concern in these attacks is the advanced tactics deployed. Attackers have used command injection and path traversal flaws to insert web shells and run malicious code, while also employing techniques like DNS tunnelling to exfiltrate data unnoticed. These attacks often come with a destructive intent, aiming to cripple services and cause widespread disruption.
Given the increasing dependency on digital infrastructure, nation-state attacks pose a serious threat to national security, economies, and the functioning of society. Governments and businesses need to prioritise robust cybersecurity strategies and invest in threat detection systems to safeguard critical infrastructure from these persistent and highly coordinated attacks.
This growing threat landscape underscores the need for stronger international cooperation in cybersecurity, along with improved defences and more frequent testing to identify and mitigate potential vulnerabilities before they are exploited by adversaries.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd Chief Technology Officer (CTO)