Intelligence Cut-off Date (ICoD) 

9th of July at 09:00 

2024 NATO Summit 

Today (9th of July) marks the beginning of the 2024 North Atlantic Treaty Organization (NATO) summit, scheduled to be held in Washington D.C. until the 11th of July. The summit will commemorate the 75th anniversary of the alliance and is set to involve heads of governments and states assessing current events and providing strategic direction for alliance members. 

The 2024 summit is set to focus on NATO’s response to global threats threatening peace and western democracies, emphasising Russia’s ongoing invasion of Ukraine and North Korea’s weapon supply to Moscow and troop deployment to the Ukrainian front lines. With the official title of the 2024 Washington summit being “Ukraine and transatlantic security”, we have assessed that it is highly likely that Russian cyber operations will surge during this period and beyond, targeting a range of NATO industry sectors. 

Geopolitical Developments Within NATO Member States 

There have been several notable developments relating to NATO members, such as the UK and the US, that will likely translate into parallelled state-level cyber aggression. 

Whilst visiting Kyiv on the 3rd of May, the previous UK Foreign Secretary David Cameron stated that it was  Ukraine’s prerogative as to how it would utilise British weapons or to strike inside the Russian borders, marking a major UK foreign policy change. This was followed by the US Secretary of State, Antony Blinken, reaffirming Washington’s military support for Ukraine during a visit to Kyiv on the 14th of May as Russia opened a new northern front with an attack on the Kharkiv region, reflecting the Biden administration’s commitment to Ukraine’s long-term security in Eastern Europe. 

More recently, the US implicitly gave Ukraine permission to strike inside Russia, but only near the Kharkiv Oblast, with no exact borderlines defined. This was made more official on the 20th of June when Washington authorised Ukrainian usage US-supplied weapons against Russian forces across the border, extending beyond the region near Kharkiv. This was likely a response to Russia forming a “comprehensive strategic partnership” pact the day before, which included a mutual defence clause in the case of aggression against either nation. 

The Labour Party Set To Make Its Mark On The World Stage? 

The 2024 NATO Summit will likely set the tone of the Labour Party government’s approach to the UK’s global position, whilst filling in the gaps within its manifesto. The 9th – 11th of July will provide an opportunity for the new UK Prime Minister, Sir Keir Starmer, to re-enforce the Labour party’s support for Ukraine but will likely be pressured to clarify Labour ‘s intended national defence spending.  

With the Labour Party government committing to match the previous Conservative Party’s ambition of increasing UK defence spending to 2.5% of GDP (up from approximately 2.3% at the moment), this would likely incite Moscow-aligned cyber aggression against the UK as this would not only bolster the UK’s defensive posture against advancing Russian state threats but would also likely encourage fellow NATO states to follow suit with the NATO Secretary General Jens Stoltenberg announcing on the 17th of June that a record 23 of 32 NATO member states had met their respective national defence spending targets of 2% GDP. 

Cyber Warfare Looming 

With these factors in mind, the UK will likely emerge as a prime target for hostile Russian state cyber activity. Of note is the ongoing Homes for Ukraine Scheme, whereby Ukrainian nationals are receiving accommodation and support by the UK government as they seek to flee from the war-torn area in Eastern Europe. As such, we have assessed that both the UK public and housing sectors face a heightened risk by Russian cyber actors who will likely perceive this as an opportunity to launch both disruptive and espionage style attacks in retaliation for the UK’s support for Ukrainian citizens.  

Impacted Industry Sectors 

With hybrid warfare continuing to be leveraged to advance state agendas, we have assessed that the Russia-aligned cyber actors will likely leverage the cyber space as the Federation seeks to retaliate against NATO’s support for Ukraine’s counter military efforts and to retaliate against ongoing Western sanctions.  

With this ongoing cyberwar spilling over into a number of sectors, Western businesses and their supply chains should remain vigilant to the following Russia-aligned cyber threats that will likely capitalise on the 2024 NATO Summit as a launchpad 

• Firstly, Russia’s ability to target critical infrastructure within NATO states, including underwater cables and industrial control systems 

• Surging Moscow-aligned cyber aggression to inhibit cooperation between defence, government and financial sectors involved in providing Ukrainian support. 

• Espionage and intelligence collection against NATO’s aerospace and defence sectors with Russia modernising its nuclear weapons capabilities and maintaining a large nuclear weapons stockpile.  

• Disruptive cyber-attacks focusing on the transportation and logistics sectors to disrupt the delivery of Ukrainian aid and military hardware. 

Surging Hacktivism 

The most notorious Russian hacktivist that we have tracked throughout 2024 has been NoName057, a group that not only targets NATO states on a daily basis but also recently launched sustained DDoS attacks against the UK public sector on the 4th of July, almost certainly attempting to disrupt the UK General Election.  

NoName(057) offensive efforts, involving their modus operandi of distributed denial-of-service (DDoS) attacks, will likely be launched with greater volume than usual throughout the time of the 2024 NATO Summit with the objective of protesting against opposing government policies and disrupting the critical national infrastructure (CNI) of states perceived to be in opposition to their sociopolitical agenda. 

Mitigation strategies 

Based on the attack chain that we have detected to have been incorporated by Russian state-sponsored cyber operators, the Quorum Cyber Threat Intelligence team strongly recommends that the organisation implement the following defensive measures to strengthen operational resilience: 

• Implement and enforce the use of MFA 

• Secure and monitor instances of remote desktop protocol (RDP) and other vulnerable services 

• Enforce end-user cyber security awareness and training 

• Prioritise mitigation of KEVs1 

• Implement the Cyber Performance Goals2, which are a baseline set of broadly applicable cyber security practices with known risk-reduction value.   

We also strongly recommend that both public and private sector businesses implement the following mitigation strategies to bolster their security posture against disruptive hacktivist efforts: 

• DDoS Mitigation: Apply DDoS mitigation solutions to combat sudden network traffic surges. These can include load balancing, traffic filtering, and content delivery networks to ensure company services remain accessible during attacks. 

• Attack Surface Management: Update and secure company assets, emphasising websites which are the primary target for web defacement and DDoS attacks. Implement strong authentication protocols, such as multi-factor authentication (MFA), and monitor internet-facing assets for unauthorised access. 

• Data Protection: Safeguard sensitive data with encryption, access controls, and regular security audits.  

• Employee Training: Train employees to detect markers of social engineering tactics to raise awareness and reduce the risk of hacktivist efforts. 

Outlook 

With the UK-based International Institute for Strategic Studies recently estimating that Russia could sustain its warfare efforts for an additional two to three years, Moscow-aligned cyber operations will almost certainly escalate beyond the 2024 NATO Summit in alignment with the continually fracturing geopolitical landscape. 

For further details, you can refer to the Quorum Cyber Threat Intelligence Outlook 2024 report which provides a comprehensive breakdown on which offensive cyber operations will likely coincide with numerous major global events scheduled for 2024, such as presidential and national elections, as well as the Olympic Games in Paris. 

Global Cyber Threat Series: Europe 

To find out more about the cyber threat landscape developing within the European area, you can now sign-up to our upcoming Global Cyber Threat Series: Europe webinar, where we will provide a strategic overview of cyber threats originating from and being targeted towards European countries with key topics including: 

• Cyber threats facing the UK public and private sector 

• Sophisticated and disruptive cyber-attacks launched by Russian state actors against Western European infrastructure 

• Moscow’s advancing information warfare posture against Western democracy, including the use of artificial intelligence technologies such as deepfakes  

• Cyber operations launched by Ukrainian hacker units to counter Russia’s ongoing invasion 

• Cyber warfare developments coinciding with the ongoing Russia-Ukraine conflict and how this is spilling over into the UK 

• Emerging cyber activity aligned with the Republic of Belarus 

• The rising threat of pro-Russian hacktivists 

Register here.