Methods of Cyber Espionage and Their Impact on International Security
Abstract
The relevance of this research is determined by the increasing role of cyber espionage as a geopolitical tool and a means of obtaining confidential information. In the context of digitalization, government institutions, international organizations, and corporate entities are becoming key targets of cyberattacks, posing significant threats to national security and global stability.
This article aims to analyze the phenomenon of cyber espionage, particularly its technical, organizational, and social aspects, based on real-world cases. The study focuses on the use of modern attack methods, such as targeted phishing, software vulnerability exploitation, and modular malware deployment. The article seeks to identify common characteristics of cyber espionage campaigns and develop recommendations to counter such threats.
A theoretical methodological approach was used in the study, combining literature review, case analysis of attacks (Red October operation, the attack on the U.S. Office of Personnel Management, the cyberattack on the International Criminal Court, the "Star Blizzard" operation), and a systematic analysis of factors contributing to the success of cyber espionage campaigns.
The study identified key technical methods of attacks, their impact on information security, and the role of the human factor in the success of cyber espionage. Recommendations for strengthening cybersecurity were formulated, encompassing technical, organizational, and international measures.
The findings of this article are of interest to researchers, cybersecurity professionals, and governmental bodies dealing with information protection issues and can be used for developing policies to counteract cyber espionage.
Downloads
References
/References
J. Fruhlinger, “The OPM hack explained: Bad security practices meet China’s Captain America,” CSO Online, Aug. 5, 2020. [Online]. Available: https://www.csoonline.com/article/566509/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html
B. Mitchell, “Corporate cyberespionage: Identification and prevention part 2,” EDPACS, vol. 62, no. 6, pp. 1–14, 2020, doi: 10.1080/07366981.2020.1798595.
I. H. Abu Samah, A. Sarip, M. K. Ishak, R. Shaari, N. S. A. Rahim, and I. M. Abd Rashid, “Navigating data secrecy challenges: A study on cyberespionage intentions in the WFH era,” Journal of the Institution of Engineers (India): Series B, vol. 105, no. 4, pp. 941–957, 2024, doi: 10.1007/s40031-024-01022-1.
I. V. Diorditsa, “The concept and content of cyberespionage,” Goal International, 2017. [Online]. Available: https://goal-int.org/ponyattya-ta-zmist-kibershpigunstva/ [in Ukrainian].
S. M. Bellovin, “Military cybersomethings,” IEEE Security & Privacy, vol. 11, no. 3, pp. 88–89, 2013, doi: 10.1109/MSP.2013.68.
K. Zetter, “Cybersleuths uncover 5-year spy operation targeting governments,” WIRED, Jan. 14, 2013. [Online]. Available: https://www.wired.com/2013/01/red-october-spy-campaign/
T. Brewster, “What can you do when governments attack?,” BBC, Apr. 23, 2014. [Online]. Available: https://www.bbc.com/russian/business/2014/04/140423_vert_cap_when_governments_attack [in Russian].
D. Goodin, “Red October relied on Java exploit to infect PCs,” Ars Technica, Jan. 15, 2013. [Online]. Available: https://arstechnica.com/information-technology/2013/01/massive-espionage-malware-relied-on-java-exploit-to-infect-pcs/
V. Saakov, “Hackers stole the data of millions of people in the USA,” Deutsche Welle, Jul. 10, 2015. [Online]. Available: https://www.dw.com/uk/хакери-викрали-особисті-дані-близько-215-мільйона-людей-у-сша/a-18576309 [in Ukrainian].
D. O. Marits, “Cyberattack – The war of the future,” Institute of Modern Information Problems, 2015. [Online]. Available: https://ippi.org.ua/sites/default/files/maric.pdf [in Ukrainian].
International Criminal Court, “Measures taken following the unprecedented cyber-attack on the ICC,” ICC, Sep. 22, 2023. [Online]. Available: https://www.icc-cpi.int/news/measures-taken-following-unprecedented-cyber-attack-icc
T. Digmelashvili, “The impact of cyberwarfare on national security,” ResearchGate, 2023. [Online]. Available: https://www.researchgate.net/publication/373855875_The_Impact_of_Cyberwarfare_on_the_National_Security
C. Smishlyayev, “London exposed cyberattacks on high-ranking officials by the Russian Federation,” Deutsche Welle, Dec. 7, 2023. [Online]. Available: https://www.dw.com/uk/velikobritania-vikrila-sprobi-kiberatak-na-visokoposadovciv-z-boku-rf/a-67659852 [in Ukrainian].
V. M. Shlapachenko, “Espionage as an activity of information retrieval,” Human, Society, and State Information Security, vol. 1, no. 17, pp. 99–109, 2020. [in Ukrainian].
M. M. Chekhovska, “Cyberespionage as a threat to national security,” in Current Issues in State Information Security Management, Kyiv, Ukraine: Scientific Publishing Department of the Security Service of Ukraine, 2021, pp. 232–234. [in Ukrainian].
Fruhlinger J. The OPM hack explained: Bad security practices meet China’s Captain America [Електронний ресурс] // CSO Online. – 2020. – Режим доступу: https://www.csoonline.com/article/566509/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html (Дата звернення: 16.08.2025).
Mitchell B. Corporate cyberespionage: Identification and prevention // EDPACS. – 2020. – Vol. 62, No. 6. – P. 1–14. – DOI: https://doi.org/10.1080/07366981.2020.1798595 (Дата звернення: 17.08.2025).
Abu Samah I. H., Sarip A., Ishak M. K., Shaari R., Rahim N. S. A., Abd Rashid I. M. Navigating data secrecy challenges: A study on cyberespionage intentions in the WFH era // Journal of the Institution of Engineers (India), Series B. – 2024. – Vol. 105, No. 4. – P. 941–957. – DOI: https://doi.org/10.1007/s40031-024-01022-1 (Дата звернення: 18.08.2025).
Діордіца І. В. Поняття та зміст кібершпигунства [Електронний ресурс] // Goal International. – 2017. – Режим доступу: https://goal-int.org/ponyattya-ta-zmist-kibershpigunstva/ (Дата звернення: 19.08.2025).
Bellovin S. M. Military cybersomethings // IEEE Security & Privacy. – 2013. – Vol. 11, No. 3. – P. 88–89. – Режим доступу: https://ieeexplore.ieee.org/document/6521321 (Дата звернення: 20.08.2025).
Zetter K. Cybersleuths uncover 5-year spy operation targeting governments [Електронний ресурс] // Wired. – 2013. – Режим доступу: https://www.wired.com/2013/01/red-october-spy-campaign/ (Дата звернення: 21.08.2025).
Brewster T. When a government is behind a cyberattack [Електронний ресурс] // BBC. – 2014. – Режим доступу: https://www.bbc.com/russian/business/2014/04/140423_vert_cap_when_governments_attack (Дата звернення: 22.08.2025).
Goodin D. Red October relied on Java exploit to infect PCs [Електронний ресурс] // Ars Technica. – 2013. – Режим доступу: https://arstechnica.com/information-technology/2013/01/massive-espionage-malware-relied-on-java-exploit-to-infect-pcs/ (Дата звернення: 23.08.2025).
Сааков В. У США хакери викрали дані мільйонів осіб [Електронний ресурс] // DW. – 2015. – Режим доступу: https://www.dw.com/uk/хакери-викрали-особисті-дані-близько-215-мільйона-людей-у-сша/a-18576309 (Дата звернення: 24.08.2025).
Маріц Д. О. “Кібератака” – війна майбутнього [Електронний ресурс]. – Київ: Інститут проблем сучасної інформації, 2015. – Режим доступу: https://ippi.org.ua/sites/default/files/maric.pdf (Дата звернення: 25.08.2025).
International Criminal Court. Measures taken following the unprecedented cyber-attack on the ICC [Електронний ресурс]. – 2023. – Режим доступу: https://www.icc-cpi.int/news/measures-taken-following-unprecedented-cyber-attack-icc (Дата звернення: 26.08.2025).
Digmelashvili T. The impact of cyberwarfare on national security [Електронний ресурс] // ResearchGate. – 2023. – Режим доступу: https://www.researchgate.net/publication/373855875_The_Impact_of_Cyberwarfare_on_the_National_Security (Дата звернення: 27.08.2025).
Смишляєв С. Лондон викрив спроби кібератак на високопосадовців з боку РФ [Електронний ресурс] // DW. – 2023. – Режим доступу: https://www.dw.com/uk/velikobritania-vikrila-sprobi-kiberatak-na-visokoposadovciv-z-boku-rf/a-67659852 (Дата звернення: 28.08.2025).
Шлапаченко В. М. Шпигунство як діяльність зі здобування інформації // Інформаційна безпека людини, суспільства, держави. – 2020. – № 1 (17). – С. 99–109. (Дата звернення: 29.08.2025).
Чеховська М. М. Кібершпіонаж як загроза національній безпеці // Актуальні проблеми управління інформаційною безпекою держави. – Київ: Наук.-вид. відділ НА СБ України, 2021. С. 232–234. (Дата звернення: 30.08.2025).
