State actors ramp up cyber capacity and attacks, NCTV reports

State actor threats

In 2023, the NCTV noted an increase in cyber operations by Russian state actors against European and NATO-allied activities as compared to the first year of the Russian invasion in Ukraine. It is likely that some of these cyber operations were carried out with the aim of obtaining a position within critical infrastructure in order to be able to sabotage it at a later time, the report highlights. In addition, the NCTV found several cases of hackers who tried to break into systems of the Dutch government and other EU and NATO countries, in order to obtain information about, for example, support for Ukraine.

In China, cyber operations are also rapidly evolving, with Chinese intelligence services steadily increasing activities to attack Western targets. While this is not a new trend, an increase was found in the intensity, size and technical level of these cyber campaigns in 2023, the report said. Although threats have so far mainly consisted of possible espionage, it seems that Chinese hackers are now also extending their activities to sabotage, rather than merely espionage. Chinese capacity in this area is growing rapidly and could be deployed anywhere in the world within a relatively short period of time, making the Chinese cyber sabotage program a potential threat to the Netherlands in the coming years, the report warns.

Another notable state actor threat comes from North Korea, especially because this country’s cyber program is aimed at making money with cyber attacks. The program therefore poses a global threat, but to the crypto sector in particular. North Korea is said to have stolen 3 billion dollars so far, which could contribute to financing the regime or, for example, the nuclear, cyber or other weapons program.

Quantum computers & cryptography 

Another threat noted in the report is the development of a quantum computer. While the post-quantum era will offer a large number of opportunities, it also leads to risks for national security, the NCTV notes, as a quantum computer with sufficient computing power would capable of weakening or breaking commonly used encryption methods.

Currently, cryptography is an essential part of large parts of the Dutch digital space. Cryptography plays a key role in ensuring the availability, integrity and confidentiality of digital processes and data, including the controlling of traffic lights and bridges, communication in the form of e-mail or app messages and protecting identity data. In addition, cryptography is used to encrypt confidential, trade secret and state secret information.

The use of cryptography protects the continuity of vital infrastructure, economic security and social security. This makes cryptography, both now and in the future, of essential importance for safeguarding the national security of the Netherlands, the report notes. 

Although it is unlikely that there are currently quantum computers that can effectively break current cryptography, the potential risks resulting from the arrival of a powerful quantum computer should already be taken into account, especially focusing on the ‘store now, decrypt later’ method, in which encrypted data that is intercepted and stored now can then be decrypted at a later time. According to the AIVD and the NCSC, this currently constitutes the most urgent threat to organizations in relation to the arrival of a powerful quantum computer. Organizations must take this threat into account if they have data that must remain confidential for a longer period of time, the report highlights.

Notable incidents & attacks

The reports also highlights notable incidents in the Netherlands and globally, which include:

• In October 2023, the International Criminal Court (ICC) fell victim to a target cyber attack. The type of attack and its impact have not been disclosed, but the ICC suspects that it may involve espionage and undermining of its activities. Additionally, media reported that sensitive documents had been stolen.
• In February 2024, the Ministry of Defense said it had found Chinese espionage software on an unclassified computer system of the armed forces. According to the MIVD, it was advanced espionage malware placed by Chinese hackers. The malware, called COATHANGER, was found on a separate computer network for Research and Development, which had fewer than fifty users.
• In April 2024, the broadcast of a children's channel called BabyTV was interrupted by signal hijacking, after which Russian propaganda was shown on the children's channel in the Netherlands, Scandinavia and Portugal for a while. After an incident in March, another interruption followed in April, during which Russian propaganda was shown on BabyTV. The action does not seem to have been aimed at BabyTV, but was collateral damage of a broader action aimed at disrupting broadcasts of Ukrainian channels.
• In June 2024, hackers managed to penetrate the internal IT systems of the German TeamViewer, using login details of an employee. The hackers are said to have copied the directory data of employees and thereby gained access to names, business contact information and encrypted passwords. According to TeamViewer, the attacked internal IT system is completely separate from the production environment and customer data, which means the attack would not have any consequences for customers.

The Cybersecuritybeeld Nederland 2024 can be found here.