![](https://www.computerweekly.com/rms/onlineimages/map_globe_g951122258_searchsitetablet_520X173.jpg)
Google: Cyber crime meshes with cyber warfare as states enlist gangs
www.computerweekly.com
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries

By Brian McKenna, Enterprise Applications Editor

Published: 12 Feb 2025 0:01

Cyber crime has evolved to become a threat to the security of western states, according to a threat intelligence report from Google, published on the eve of the 2025 Munich Security Conference.

This coming weekend marks the 61st edition of the Atlanticist conference, which was inaugurated in 1963 to facilitate collaboration between West Germany and the US, as well as other Nato countries.

The Google Threat Intelligence Group's report, Cyber crime: A multifaceted national security threat, says western policymakers should be taking cyber criminality just as seriously as operations conducted by nation states.

Ben Read, a senior manager at the group, said: "The vast cyber criminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states. These capabilities can be cheaper and more deniable than those developed directly by a state. These threats have been looked at as distinct for too long, but the reality is that combating cyber crime will help defend against state-backed attacks."

The report looks at how nation states hostile to the North Atlantic countries, such as Russia, China, Iran and North Korea, are increasingly co-opting cyber criminal groups to forward their geopolitical and economic ambitions. It also looks at the deep societal impact of cyber crime, from economic destabilisation to its toll on critical infrastructure, including healthcare.

Healthcare's share of posts on data leak sites has doubled over the past three years, according to the report.
One example it gives is how, in March 2024, the Russian Anonymous Marketplace (RAMP) forum actor badbone, who has been associated with the INC ransomware gang, sought illicit access to Dutch and French medical, government and educational organisations, stating that they were willing to pay 2-5% more for hospitals, particularly those with emergency services.

The report sheds light on how what it calls the Big Four (Russia, China, Iran and North Korea) have used cyber crime, including ransomware, to enable espionage.

It states that Russia has mobilised its cyber criminals to spy and mount disruptive operations in support of the war with Ukraine. It says GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cyber crime communities to conduct espionage and disruptive operations in Ukraine.

Another example the report gives is UNC2589, a threat cluster whose activity has been publicly attributed to the Russian General Staff Main Intelligence Directorate (GRU)'s 161st Specialist Training Center (Unit 29155). This, says the report, has conducted full-spectrum cyber operations, including destructive attacks, against Ukraine.

And Russian group CIGAR (aka RomCom), a group that has focused on cyber crime, has conducted espionage operations against the Ukrainian government since 2022, according to the report.

The report's authors say CIGAR's expansion from cyber crime into espionage activity likely supporting Russian state objectives began in October 2022, when it conducted a phishing campaign targeting Ukrainian military-related entities. CIGAR continued, says the report, to conduct intrusion activity targeting primarily Ukraine and Europe through 2023 and 2024, including campaigns leveraging zero-days in Microsoft Word, Firefox and Windows.

The report says China augments its spying operations by using advanced persistent threat groups like APT41 to mix ransomware deployment with intelligence collection.
Deliberately mixing ransomware activities with espionage intrusions supports the Chinese government's public efforts to confound attribution by conflating cyber espionage activity and ransomware operations.

APT41 is said to work from China and is most likely a contractor for the Ministry of State Security. In addition to state-sponsored espionage campaigns against a wide array of industries, APT41 is said to have a long history of conducting financially motivated operations. The group's cyber crime activity has mostly focused on the video game sector, including ransomware deployment.

The report also suggests that Iran's economic difficulties could be behind ransomware and hack-and-leak operations by cyber criminals.

The report highlights what it characterises as a North Korean regime policy of stealing cryptocurrency to fund missile development and nuclear programmes, as well as everyday operational costs.

It contends that the effects of cyber crime extend beyond stolen money or data breaches. "These erode public trust, destabilise essential services, and, in the most severe cases, cost lives," say the authors. They maintain that the growing convergence of cyber crime and state-sponsored hacking requires robust action on par with the threat posed by nation-state adversaries.

The report's authors argue: "The collaborative nature of cyber crime means that a disrupted group will be quickly replaced by others offering the same service. Achieving broader success will require collaboration between countries and public and private sectors on systemic solutions such as increasing education and resilience efforts."

Sandra Joyce, vice-president of the Google Threat Intelligence Group, said: "Cyber crime has unquestionably become a critical national security threat to countries around the world. The marketplace at the centre of the cyber crime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption. Unfortunately, many of our actions have amounted to temporary inconveniences for these criminals, but we can't treat this like a nuisance and we will have to work harder to make meaningful impacts."

The group advocates that governments elevate cyber crime as a national security priority and emulate private sector best security practices. Ransomware and other forms of cyber crime predominantly exploit insecure, often legacy technology architectures.