COVID-19 and the Use of Offensive Cyber Operations
The world has, in the last several months, undergone a period of upheaval as a consequence of the global COVID-19 pandemic. Many aspects of our lives that were taken for granted changed significantly, seemingly overnight. Countries that shared open borders closed them; multinational corporations abandoned their office environments in favour of working from home; and individuals faced months within the confines of the four walls of their homes. Amongst this chaos and uncertainty, criminals and spooks of the digital age intensified their existing efforts to levels unprecedented in modern history.
It is important to note, though, that these were intensifications of existing operations. Despite the news media’s headlines asserting that these efforts by criminals and spies were phenomena born of the virus, these efforts were pre-existing, and indeed, to many working in the cyber security and intelligence communities, this activity was all too familiar. What had changed was the scale and intensity with which this activity was carried out.
Whereas once advanced actors would have to carefully research their targets, crafting messages with a convincing pretense, in the hopes of luring unsuspecting individuals with phishing emails; now, the number of people who were clamoring for information and hope, while simultaneously experiencing stress, boredom, and confusion had grown logarithmically, making almost every person a perfect target, ripe for exploitation. These malevolent actors realized this, and in turn, took M.F. Weiner’s infamous advice, about not wasting a crisis, to heart.
The activity that resulted from this crisis capitalization was as diverse as the motivations of the actors behind it; however, it also served to highlight the increasingly central role that offensive cyber operations (OCO) – the collective term Western governments use to describe such activity – have in governmental activities. Perhaps more interesting, though, is that this intensification of cyber activity peeled back the shroud of secrecy that often veils the activities of foreign and domestic intelligence agencies, even if only for a brief moment, to reveal the extent of the role that OCO plays in disinformation, intelligence collection, and intellectual property theft.
Disinformation and Offensive Cyber Operations
Throughout the pandemic, it was clear that information regarding the virus became a highly desirable, and yet altogether scarce, commodity. It seemed that every day, some new “fact” about the virus, preventative measures, a vaccine, or a therapeutic treatment was revealed, only to have that “fact” vanish the following day as competing information disproving the claim was released. This vacuum, and simultaneous overload, of competing “facts” left many perplexed, and a perplexed population is one that will seek out its own answers.
Such a state of confusion and uncertainty is one where disinformation can be effectively employed. It is important to understand that while the terms “misinformation” and “disinformation” are frequently used interchangeably, they relate to very different concepts.
Misinformation is false information, which is often generated by incomplete or faulty data or assumptions and is often transmitted with the intent to aid others. Therefore, a news organization that promulgates information about COVID-19 that later turns out to be false would be said to be spreading misinformation.
Conversely, disinformation is information which may contain both accurate and inaccurate data (which can make it much harder to separate fact from fiction), which is generated intentionally, and is transmitted in an effort to deflect criticism, divide populations, or disrupt government and business operations. While misinformation can be harmful during intense times of confusion, disinformation can often be far worse, as it has the capability of permeating a collective consciousness and eroding trust.
Examples of disinformation were rampant through the height of the pandemic and were often the result of countries attempting to lessen the “blow” that COVID-19 would have to their economies and international relations. Various agencies have, for instance, accused China of conducting disinformation with regard to the role their country played in the early stages of the virus, including a claim by a senior government official which asserted that the virus was “imported” to China by U.S. military personnel. Other organizations have alleged that various governments have engaged in fostering disinformation about COVID-19 as a biological weapon, as a means of fomenting anti-vaccination sentiment, and even claims that COVID-19 was transmitted by 5G cellular technology.
While the claims themselves matter very little, the outcomes of disinformation on a population can be highly consequential: the topic of compulsory vaccinations for COVID-19 has entered the general zeitgeist, significant government resources were committed to determining the origin of COVID-19, and there were several reports of individuals across Europe burning down 5G compatible cellular towers. However, sowing seeds of doubt and discord is not the only result of offensive cyber operations during the height of the pandemic.
Intelligence Collection and Offensive Cyber Operations
One of the fundamental steps in conducting intelligence analysis is collecting data and information from your allies, adversaries, and third parties. While this is sometimes portrayed in Hollywood as being carried out by secret agents covertly collecting information from hyperbolically evil villains, often in an effort to save the world from an overly complicated plot, the truth is often far more benign. The reality is that various intelligence agencies often commit significant resources to gathering data from an array of open sources (such as the news media from various countries) while also gathering from more sensitive sources such as embassies, diplomats, and yes, even the occasional “secret agent.”
An example of this concerted effort by countries to collect accurate data and information can be seen in a report released early in 2020, which identified activities by the Vietnamese government conducting OCO against the Chinese government in an effort to collect data about the virus from less public sources. This effort highlighted that COVID-19 had become a priority intelligence requirement (PIR), and that Vietnam sought to gain more insight into the Chinese deliberations about the virus, in order to corroborate existing data, or to supplement data that may have been perceived as less reliable from conventional sources. Other governments and agencies have likewise identified that they have been targeted by various cyber espionage actors in an effort to collect data on government responses to COVID-19.
Intellectual Property Theft and Offensive Cyber Operations
Intellectual property theft remains one of the key motivators for cyber espionage. The benefits, both financially and reputationally, that can be realized by countries which successfully acquire highly confidential intellectual property secrets are numerous. Such theft can allow domestic firms to “catch up” with foreign countries without the associated research and development costs, for instance. Additionally, such confidential material can also prove highly lucrative during bilateral negotiations and may even allow countries to gain a reputational advantage over their economic competitors.
Therefore, it is no surprise that organizations engaged in COVID-19 research, especially labs working on vaccines, would draw the interest of various foreign governments and prove a fruitful target for cyber espionage actors. Indeed, reports of such infiltrations have been widespread, with the United Kingdom, Canada, and the United States all reporting extensive efforts to compromise these organizations. The benefits a government could realize from acquiring research on the topic of the vaccine are extensive: the country would stand to gain international acclaim in being one of the first to develop a vaccine, and domestic firms and governments would stand to profit significantly from nations looking to vaccinate their populations. The result of this is that many countries are seeking to gain a competitive advantage, and the use of OCO to achieve those ends is often the most effective means.
To say that the world has changed in the midst of the COVID-19 pandemic is an understatement. Nations are still grappling with the systemic changes necessary to both protect their populations and restart their economies. However, such crises are often ripe for capitalization, and cyber espionage actors are no strangers to these strategic moments. Indeed, the COVID-19 pandemic has resulted in one of the most unprecedented intensifications of global offensive cyber operations in history, with the offensive cyber actors seeking to promulgate disinformation, perform intelligence collection, and acquire sensitive intellectual property, all with an eye towards their strategic national interests.
About the Author
Josh Campbell (“Soupy”) is a veteran of the Canadian Armed Forces, where he was employed as a signals intelligence analyst performing cyber threat intelligence and threat hunting with the Canadian Forces Network Operations Centre (CFNOC). After transitioning to the private sector, he has worked with both managed security service providers (MSSPs) and enterprise teams to design and implement threat intelligence programs and to train security and intelligence analysts in both North America and Asia. Josh is currently employed as the Cyber Threat and Operations Lead with Cyborg Security.