As NATO gathers for its historic summit, the Alliance faces an expanding and sophisticated range of cyber threats. From state-sponsored espionage to disruptive attacks on critical infrastructure, cyber activity targeting NATO and its allies is increasing in scale, complexity, and impact. While the war in Ukraine has fueled many of these cyber activities, the challenges NATO faces will continue to evolve independently of the conflict. To address these threats, NATO must strengthen its cyber defenses and foster greater collaboration with the private sector and international allies.
Cyber Espionage: A Growing Threat
Cyber espionage has long been a major concern for NATO, with state-sponsored actors seeking to gather sensitive intelligence on military, diplomatic, and economic matters. This threat has intensified as adversaries use increasingly sophisticated tactics to penetrate NATO networks.
Russia remains a key player in cyber espionage. The group APT29 (also known as ICECAP) has been particularly active in targeting NATO members, focusing on diplomatic and political intelligence collection. APT29 is known for exploiting vulnerabilities in cloud environments and utilizing advanced social engineering techniques. This group has been linked to several high-profile breaches, including attacks on technology companies that provide services to NATO governments, enabling it to compromise third-party suppliers.
China has also stepped up its cyber espionage efforts. Chinese actors are now focusing on stealthy, low-profile attacks that avoid traditional detection methods. They have been exploiting zero-day vulnerabilities—flaws unknown to software vendors—in security devices and critical infrastructure, which are harder to detect and mitigate. In 2023, Chinese groups exploited 12 zero-day vulnerabilities, some in security products that were directly related to NATO’s defense networks. This highlights the growing sophistication of Chinese cyber operations and the shifting nature of cyber espionage in the region.
Disruptive Cyberattacks
In addition to espionage, NATO faces a significant risk from disruptive and destructive cyberattacks. These attacks, which aim to cripple critical infrastructure or cause widespread damage, have become more common and dangerous in recent years. Russia, Iran, and other state actors are increasingly willing to carry out cyber operations that have the potential to impact not only military assets but civilian services as well.
One notable example is APT44, a Russian cyber group linked to the Russian military intelligence agency. It has carried out disruptive operations such as the NotPetya attack, which caused massive financial damage worldwide. APT44’s recent campaigns include deploying ransomware to target logistics companies in Poland and Ukraine. These attacks demonstrate a growing willingness to disrupt supply chains, potentially impacting NATO’s military operations and assistance to Ukraine.
In addition to state-sponsored actors, hacktivists—politically motivated hackers—have also become a significant concern. These groups, while often less technically sophisticated than state-backed actors, can still cause substantial disruptions. Hacktivist groups like Cyber Army Russia Reborn (CARR) have targeted critical infrastructure in NATO countries, including water supplies in the U.S., Poland, and France. While hacktivist attacks are often more symbolic, they can create a perception of insecurity, which may have broader political implications.
The rise of cybercrime, especially ransomware attacks, is another growing concern for NATO. Cybercriminals have increasingly targeted essential sectors like healthcare, energy, and government services, creating severe disruptions. Hospitals in the U.S. and Europe have been frequent targets, leading to delays in patient care and operational shutdowns. Even actors from North Korea, known for using cybercrime to fund their operations, have been linked to ransomware attacks that threaten critical infrastructure.
Information Operations and Disinformation
Information operations have become a significant aspect of cyber threats against NATO, particularly in the context of disinformation campaigns aimed at influencing public opinion and destabilizing political institutions. These operations often work in tandem with cyber espionage and aim to erode trust in NATO, its member states, and its policies.
Russian information operations have been particularly active. Prigozhin’s disinformation network, which survived after the death of its founder in 2023, continues to push pro-Russian narratives online. These campaigns seek to discredit NATO’s leaders and undermine the Alliance’s unity, particularly in the context of its support for Ukraine. These operations are designed to fracture public support for NATO, playing on existing political divisions within member states.
The Ghostwriter/UNC1151 campaign, believed to be sponsored by Belarus, targets NATO’s eastern members, including Poland, Lithuania, and Latvia. This operation has spread anti-NATO propaganda and attempted to destabilize regional governments by creating false narratives. For example, Ghostwriter falsely claimed that NATO troops were responsible for spreading COVID-19 in Latvia, highlighting how cyber actors use misinformation to sow distrust in both NATO and local governments.
COLDRIVER, another Russian-linked group, uses information gathered through phishing campaigns to fuel its disinformation efforts. In 2022, it leaked documents to exacerbate political tensions in the UK over Brexit, demonstrating how espionage and disinformation are often intertwined.
Growing Role of the Private Sector
As cyber threats become more advanced, NATO must rely not only on its own resources but also on collaboration with the private sector. Technology companies, cybersecurity firms, and academic institutions possess critical expertise and capabilities that can help NATO defend against sophisticated cyber threats. Given that many of the tools, networks, and infrastructures that NATO relies on are owned or operated by private companies, it is essential to strengthen partnerships with these entities.
NATO’s ability to protect its systems depends on sharing information, responding to threats quickly, and leveraging the technological capabilities of the private sector to stay ahead of emerging cyber risks. Private companies have vast amounts of data on global cyber threats, and information-sharing across sectors will help identify trends, predict future attacks, and develop better defenses.
Collective Defense and Cyber Resilience
Cyber threats pose a unique challenge because they often bypass traditional military deterrence. As such, NATO must focus on building cyber resilience across its member states and their critical infrastructure. The Alliance must strengthen its ability to withstand and recover from cyberattacks, ensuring that even if one country is targeted, the overall functioning of NATO remains intact.
This involves both improving NATO’s own defenses and helping member states strengthen their cybersecurity frameworks. Given the interconnected nature of global infrastructure, it is not enough to focus solely on military systems; NATO must also address risks to energy, healthcare, and financial systems. Cyber resilience is a collective effort that requires cooperation among member states, private sector partners, and international allies.
Conclusion
NATO faces an increasingly complex and diverse set of cyber threats that range from espionage and destructive attacks to disinformation campaigns and cybercrime. As adversaries become more sophisticated, NATO’s defenses must evolve to address the full spectrum of cyber risks. Strengthening the Alliance’s cyber defense capabilities, fostering public-private partnerships, and enhancing cyber resilience across all sectors will be key to maintaining NATO’s security in the digital age.
The growing reliance on cyber operations by state and non-state actors presents a serious challenge, but it also provides an opportunity for NATO to lead in shaping global norms and standards for cybersecurity. By working together and leveraging the strengths of its member states and private sector allies, NATO can meet these challenges head-on and ensure the integrity and stability of its operations in the years to come.
(The writer is the founder & CEO of Shweta Labs)