The Google Threat Intelligence Group report reveals the impact of cybercrime and its connection with state actors
Cybercrime is no longer just a problem of financial fraud or data loss: it has become one of the greatest threats to the national security, economic stability, and digital sovereignty of countries. According to the latest report from the Google Threat Intelligence Group (GTIG), cyberattacks driven by economic motivations outnumbered state-sponsored attacks by nearly 4 to 1 in 2024. Despite its volume and severity, cybercrime continues to receive less attention from national security agencies than traditional state threats.
Today, ransomware, data theft, and the exploitation of critical vulnerabilities are affecting essential infrastructure such as hospitals, banks, tech companies, and government agencies, causing service disruptions and multimillion-dollar losses. Additionally, ties between criminal groups and governments have grown, with cybercrime used as a tool for hybrid warfare and for financing authoritarian regimes.
Cybercrime as a geopolitical tool: when governments turn to hackers
The GTIG report highlights how cybercriminal groups have evolved from mere digital thieves to become key actors in global conflicts. Increasingly, states use cybercrime to gather strategic information, influence public opinion, and destabilize rival economies.
The most alarming cases include:
1. Russia: the war in Ukraine and the use of hackers for misinformation and sabotage
Since the invasion of Ukraine in 2022, Russia has intensified its use of cybercriminal groups to launch espionage, sabotage, and misinformation attacks. Among the main actors:
- APT44 (Sandworm), linked to the Russian military intelligence service (GRU), has deployed malware previously used by ransomware groups to sabotage infrastructures in Ukraine and Eastern Europe.
- CIGAR (RomCom), originally a financial group, has evolved to conduct government espionage on behalf of Russia.
The report details that over 60% of the malware used by these groups comes from cybercrime, demonstrating the convergence between digital crime and state policy.
2. China: cyberespionage and intellectual property theft
China has employed cybercrime differently: its main interest lies in the theft of technological and commercial information. The group APT41, for example, has been identified as responsible for attacks on:
- U.S. and European tech companies to steal industrial secrets.
- Government agencies in Asia and Latin America to obtain strategic data on critical infrastructures.
In parallel, UNC2286 has been linked to financial extortion and the deployment of ransomware to cover espionage campaigns.
3. North Korea: cybercrime to finance the regime
Cybercrime has been a key source of funding for Kim Jong-un’s regime, with over $3 billion stolen in cryptocurrencies between 2017 and 2023.
The most active groups are:
- APT38, specialized in attacks against banks and financial institutions, with theft attempts exceeding $1.1 billion.
- UNC4899 (TraderTraitor), which has attacked blockchain and cryptocurrency companies.
Additionally, North Korea has sent thousands of undercover IT workers to foreign companies to infiltrate and obtain sensitive information.
The healthcare sector: a prime target of cybercrime
One of the most alarming findings of the report is the growing vulnerability of the healthcare sector. 30% of ransomware attacks in 2024 targeted hospitals and healthcare companies, jeopardizing not only sensitive information but also human lives.
Recent cases:
- Qilin (AGENDA), a ransomware group, announced in July 2024 that it would begin attacking hospitals in the U.S. Within weeks, several clinics and medical centers appeared on its data leak sites.
- A hospital in the Netherlands suffered an attack in March 2024, blocking the medical records of thousands of patients and forcing the cancellation of critical surgeries.
- An attack on the NHS in the UK in June 2024 led to the exposure of patient data, with reports indicating it caused permanent physical and psychological harm to some affected individuals.
According to a study from the University of Minnesota, mortality rates in hospitals increase by 35% to 41% after a ransomware attack.
The healthcare sector has become an attractive target due to:
- The urgency to restore systems, which makes victims more likely to pay ransoms.
- The value of medical data on the dark web, used for fraud and extortion.
The economic impact of cybercrime: a rising crisis
Cyberattacks not only affect individual businesses but also generate economic consequences at the national and international level.
High-impact cases:
- Costa Rica (2022): The CONTI group attack paralyzed government systems, causing multimillion-dollar losses and requiring $25 million in cybersecurity assistance from the U.S.
- Colonial Pipeline (U.S., 2021): A ransomware attack halted fuel supply on the U.S. East Coast.
- Petro-Canada (2023): A similar attack affected fuel distribution in Canada.
Furthermore, the FBI estimates that BEC (Business Email Compromise) fraud alone has caused losses of $55 billion since 2013.
Countries with less developed cyber infrastructures are the most vulnerable, with businesses and governments unable to recover data or defend against new attacks.
The proliferation of data leak sites
The report highlights that the number of data leak sites (DLS) has doubled since 2022, with cybercriminals threatening to publish stolen information to pressure victims into paying ransoms.
This model poses a critical risk to business competitiveness and national security, as it can expose:
- Financial and strategic data of companies.
- Personal information of millions of citizens.
- Intellectual property and confidential research.
Strategies to combat cybercrime: a call to action
The Google Threat Intelligence Group report concludes that governments need to reformulate their strategy to address cybercrime as a national security crisis.
Key recommendations:
- Increase investment in cybersecurity and create specialized units to respond to attacks in real-time.
- Strengthen international cooperation in the fight against ransomware and the trafficking of stolen data.
- Impose stricter sanctions against groups and states that sponsor cybercrime.
- Dismantle criminal markets and cut off state actors’ access to hacking tools.
- Promote education and awareness to reduce the vulnerability of businesses and citizens.
Conclusion: cybercrime, a borderless threat
Cybercrime has evolved from a financial problem to a global threat with impacts on security, the economy, and geopolitics. The response must be swift, coordinated, and multidimensional, before cyberattacks become an even more dangerous tool for global destabilization.
Source: Security News