Date: 2024-04-04

Critical national infrastructure (CNI), such as the shipping industry and nuclear power plants, has been an especially attractive target for cyber threat actors in recent years. Cyber attacks on critical infrastructure are an effective way to maximize disruption and damage. A substantial and coordinated effort is required to protect these systems, both public and private, as they are essential to maintain state services and to ensure the business environment within a country operates smoothly.

Some states have invested significant resources to detect and repel cyber attacks on critical infrastructure, but no country can fend off all cyber threats, and no technology is "unhackable."



Australia’s second-largest telecom company, Optus, said Sept. 22, 2022, that the personal data, including license or passport numbers, of nearly 10 million customers was leaked by hackers. Australian Cyber Security Minister Clare O’Neil said the data breach was caused by vulnerabilities at Optus as the hack “was not particularly technologically challenging.” A ransom demand was reportedly made for US$1 million in cryptocurrency in exchange for the data, but Optus did not comment on whether the ransom demand was authentic.



According to experts, hackers have also maintained a constant campaign of cyber attacks against Ukrainian, NATO, EU and other Western entities, principally targeting government and defense-related organizations. Cyber security analysts have suggested that hackers affiliated with Russian military intelligence are becoming more aggressive and more direct in their attacks.



The European Parliament website was inaccessible due to a cyber attack for several hours in late 2022, soon after legislators passed a resolution denouncing Russia as a "state sponsor of terrorism"; a pro-Kremlin group subsequently claimed responsibility for the cyber attack. Separately, the Microsoft Security Threat Intelligence Center has attributed cyber attacks against Ukrainian and Polish transport and security organizations to hackers backed by the GRU, Russia's military intelligence directorate.



Moldova’s Information Technology and Cyber Security Service (SIS) said in January 2023 that a coordinated phishing attack on government bodies and institutions was attempted. Hackers reportedly targeted more than 1,300 email accounts associated with government services.



This highlights an ongoing battle against cyber risks for Moldova, which recorded a sharp increase in the number of attempted cyber attacks in 2022, possibly due to its support of Ukraine amid the Russia–Ukraine war. On Oct. 24, 2023, SIS announced that it had blocked access to 22 websites owned or controlled by the Russian government on national security grounds. Russia’s foreign ministry described Moldova’s move as a “hostile step.”



With bilateral relations between Moldova and Russia continuing to deteriorate, the latest development will likely increase the risk of retaliatory cyber attacks, most probably by Russian-based or Russian-linked hackers, against government and private sector IT networks in Moldova, including media outlets, government websites and critical national infrastructure (CNI) such as power, water and gas distribution networks.



Meanwhile, Italy’s Cyber Security Agency said on Aug. 1, 2023, that websites of at least five Italian banks had been hit by distributed denial-of-service (DDoS) cyber attacks, reportedly originating from Russia, causing widespread disruption to online banking services.



The risk of Russian cyber attacks against Western states providing political, military, financial and humanitarian support to Ukraine has remained elevated, and any announcement by Western governments of new sanctions or new support programs for Ukraine in the near future might trigger further, similar cyber attacks on critical infrastructure. The most likely targets will be government websites, those of public and privately owned media outlets, defense-sector firms, financial institutions and other critical national infrastructure.



Another, more recent cyber attack happened in Sri Lanka: the government of Sri Lanka confirmed on Sept. 11, 2023, that a ransomware cyber attack by an unknown threat actor had exfiltrated months of data from the Lanka Government Cloud system. The cyber attack impacted nearly 5,000 email addresses of government employees, including the accounts of the Council of Ministers and other top government authorities. There were no backups between May 17 and Aug. 26, resulting in permanent loss of data from that time.



Sri Lanka’s national computer emergency readiness team (SLCERT) has opened an investigation into the attacks, although it is likely that the threat actors exploited a vulnerability in a previous version of Microsoft Exchange, as it had not been updated.

