16 Iran, China, and DPRK Cyber Operations and Tools

16.1 China, DPRK, and Iran Cyber Operations and Tools

China, the DPRK, and Iran are known to perform cyber operations, often with an economic or espionage focus. For example, in Section I, we looked at the development of Chinese cyber operations from patriotic hacktivists to strategic espionage collections. Similarly, Iran attempted to shut down international finance and oil production in the wake of STUXNET. The DPRK, however, is more focused on money, and is said to fund up to 1/3 of its nuclear weapons program through cyber theft. While the impact of each of these cyber operations has no precedent in the pre‐cyber age, the players’ methods and tools share a focus on tradecraft with limited technical development.

16.1.1 Chinese Cyber Operations

Chinese cyber operations include a heavy reliance on tradecraft. For example, Operation Night Dragon (2011–2013), a probing of U.S. critical infrastructure systems, was an unexpected cyber surveillance operation that relied heavily on social engineering for system access.

16.1.1.1 2011—2013 Operation Night Dragon (CISA, 2021) (China)

While technical tools are important, especially when keeping track of the most recent vulnerability exploits (e.g., zero days), a lot of cyber targeting still focuses on the people running the networks and their system‐level access. For example, with the U.S. announcing a “pivot to Asia” in 2011, Chinese cyber actors stepped up their attacks, ...
