Diplomatic networks carry some of the world’s most sensitive information: communications between world leaders, key technical intellectual property, trade strategies, and military plans. A recent report by antiphishing vendor Area 1 Security reveals that a three-year-long cyber attack led to the successful breach of the European Union’s diplomatic communications network. By focusing on the cybersecurity of the weakest link — the Ministry of Foreign Affairs for Cyprus — the information of all EU-28 member states has been compromised. Area 1 attributes the attack to the Strategic Support Force (SSF) of the People’s Liberation Army (PLA) of China.
The breach led to the disclosure of sensitive conversations between European Union officials discussing topics such as US President Donald Trump, Iranian sanctions, and Russian activity in Ukraine. Like all diplomatic communications, these include strategic goals, negotiating positions, ruminations on the mental state of various world leaders, and the potential implications of items being discussed by each party. The participants had no idea they were being monitored by an adversary. As far as they knew, they were using a secure network to share this information.
Impact On The European Union
The thoughts shared in supposedly private circumstances “among friends” is highly damaging for the European Union. For example, the private disagreements that underlie the EU’s united front on issues such as Brexit, the response to sanctions and foreign policy coordination among member states, and the division and opinions within the diplomatic corps all being brought to light is extremely unhelpful. This damages the position of the Union in terms of how it responds to the rise of China and an increasingly assertive Russian foreign policy.
This attack shows the need to consider cybersecurity as a factor in geopolitical world-power considerations. Being compromised in this way, and having its deepest secrets exposed, weakens the hand of the EU in dealing with sensitive foreign policy decisions and trade negotiations. Armed with the innermost thoughts of EU officials, adversaries have an advantage in negotiations.
“Sophisticated” Techniques Weren’t Needed
The initial breach of this secure network wasn’t caused by a highly technical attack. Instead, a simple phishing email directed toward the Ministry of Foreign Affairs in Cyprus led to the breach of the COREU network, which is shared among the 28 EU countries. The attacker techniques described by Area 1 were “technically unremarkable.” As happens all too often, attackers found their way to the treasure trove by exploiting a weak point.
Prioritize Phishing Protection as Part of Your Security Strategy
Many organizations focus their cybersecurity strategy on threat detection and buying tools to detect the most advanced threats. Email security, and therefore antiphishing, then typically becomes a lower priority and is usually delegated to junior staff. As is evidenced by this cyberattack, which was allegedly conducted by one of the most sophisticated threat actors in the world, the simplest attacks can have the most damaging outcomes.
Due to their manipulative nature, phishing emails are quite difficult to detect and block. They target their victims by masking malicious links and attachments to mimic routine tasks or urgent requests. The attacker may sit in your network for months, observing the comings and goings of company correspondence to craft the perfect personalized email that fools even experienced S&R pros. Phishing prevention requires a layered approach that includes:
Follow Zero Trust Principles to Protect Sensitive Data
Forrester’s Zero Trust eXtended (ZTX) framework requires organizations to identify and protect sensitive data by segmenting networks into secure microperimeters and controlling access to those systems by continually evaluating access rights. If an attacker does evade your defenses and gain access, you can’t wait for the attacker to make a mistake to discover them. Employ security analytics tools or managed detection and response (MDR) services to discover attackers hiding in your network instead of allowing them to persist there for years undiscovered.
Joseph Blankenship, senior analyst, Jeff Pollard, principal analyst and Paul McKay, senior analyst from Forrester authored this article, which can also be found here.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.