Welcome back to the Cyber Resilience Brief, a SafeBreach podcast. I’m your host, Tova Devoran, and today we have a truly critical discussion lined up. With global tensions escalating and what some are calling the shadow war already underway, understanding the implications for our digital defenses has never been more vital.

That’s absolutely right, Tova. The landscape is shifting dramatically, and the lines between peace and conflict are blurring, particularly in the cyber domain. We’re seeing a fundamental redefinition of what warfare means, and frankly, it’s something every CSO and security team needs to grasp immediately.

And that means, dear listeners, that in this episode we’re not only going to go over the history behind cyber warfare, but also actionable steps you can take right now as war is unfolding. Let’s begin. Adrienne, you’ve been doing some deep dives into recent research on this, but let’s start with a foundational understanding of war itself. How has our historical understanding, particularly from strategists like Clausewitz, been impacted or reinterpreted in this new digital era?

It’s fascinating, Tova. There’s lots of research out there that looks at how principles laid down centuries ago still apply. While the characteristics of war have changed dramatically, we’re talking about malware instead of muskets, the nature of war remains the same. It’s still about compelling an adversary to do your will, often through violent means or, in our case, disruptive means. The core idea that war is a continuation of policy just by other methods, that’s still absolutely valid. The fog of war that Clausewitz, the nineteenth-century German analyst, spoke of, that’s now the fog of data or the sheer complexity of our Internet-connected systems.
The head of the UK Secret Intelligence Service, MI6, known as C, currently Blaise Metreweli, has been briefing extensively, both publicly and privately, about the rise of hybrid and shadow warfare, how hostile foreign nation states are aggressively pushing these envelopes, and that our conception of what constitutes war needs to mature.

So the core objective hasn’t changed, but the battlefield certainly has. This brings us directly to cyber as a theater of war. Can you elaborate on how cyber has evolved from a supporting element to a fully acknowledged domain of conflict?

For a long time, cyber was seen as an intelligence-gathering tool, maybe for sabotage or disruption. But research confirms it’s now unequivocally the fifth domain of warfare alongside land, sea, air, and space. And it’s unique. It’s entirely man-made. The others are tangible. It’s global, and it allows for what we call strategic paralysis without any kinetic force by the attacker, all from behind the keyboard. You can cripple a nation’s ability to operate, its logistics, its finances, its critical infrastructure, again, all from behind the keyboard. The time and space compression is insane asymmetry. An attack can originate anywhere and hit anywhere else in milliseconds.

It’s a sobering thought, but the speed and reach are unparalleled. Now the shadow war that you mentioned, where does that fit in? Is it just constant probing, or is it something more significant happening?

It’s more significant. We’re in a state of persistent engagement. The threshold for what constitutes an armed attack in the traditional sense is constantly being tested in cyber. Nation states are probing, always mapping networks, always planting implants, always gathering intelligence, always pushing the envelope. It’s like a never-ending reconnaissance mission, and sometimes that recon involves deploying destructive code that causes real-world impact.
The objective often isn’t immediate destruction, but rather establishing access and maintaining a persistent foothold for future operations should overt conflict erupt.

And that brings us to real-world implications for security teams. If we’re already in a shadow war and the threat of overt conflict is imminent, what does this mean for prioritizing our defenses? And which nation state threat actors or APT groups should organizations be focusing their highest priority on defending against right now?

That’s a really important question, Tova, and this is where the rubber meets the road. Our research identified four key nation state actors, each with distinct motivations and methodologies that absolutely demand top-tier attention. First, we have Russia. Their objective is largely about destabilizing Western alliances and internal social cohesion. They’re masters of hybrid warfare, blending disinformation campaigns with destructive wiper malware. Think energy grids, government systems, anything that can cause chaos and erode public trust. Groups like APT28 (Fancy Bear) and APT29 (Cozy Bear), along with state-sponsored entities like Sandworm, are prime examples. Their tactics are often brazen, disruptive, and aimed at immediate impact.

So disruption and chaos are their main game. What about the long game?

Well, the long game brings us to China. Their strategic objective is fundamentally about achieving global economic and technological superiority. They’re playing a long game focused on intellectual property theft and establishing deep, persistent access within critical infrastructure. They use living-off-the-land techniques extensively, blending in with legitimate network traffic to ensure a long-term presence. Groups like APT41 (Double Dragon) and APT10 (Stone Panda) are notorious for this.
If you are in manufacturing, high-tech, defense, or critical infrastructure, China’s APTs should be at the absolute top of your concerns for data exfiltration and strategic espionage.

Economic espionage on a national scale, that’s a serious threat to competitiveness. Now who else is high on the priority list?

Next, we have Iran, and these priorities shift all the time. You could argue at the moment Iran is top of the list. Their primary goal is regional dominance in the Middle East and deterring Western influence or sanctions. They’re known for destructive probing, using ransomware and targeting industrial control systems, particularly in critical infrastructure. Their attacks often come as swift retaliation for perceived slights. Groups like APT33 (Shamoon and Elfin) and APT34 (OilRig) are very active in these spaces, and their focus on operational technology environments is a significant concern for all of us.

And finally, we can’t forget North Korea, can we?

Certainly not. North Korea is unique in its motivation: regime survival and funding its sanctioned weapons programs. They are state-sponsored financial actors, focusing heavily on cryptocurrency theft and global banking intrusions, often through sophisticated spear-phishing campaigns. Groups like APT38 (the Lazarus Group) are incredibly adept at bypassing economic isolation by simply stealing vast sums of money from financial institutions worldwide. Any organization involved in finance, or even those with significant digital assets, needs to be extremely vigilant against them.

Well, that’s a comprehensive breakdown of the key players: China, Russia, Iran, and North Korea. And for our listeners, we also have an episode coming out very shortly on all of them as a whole, so stay tuned as we take deeper dives into each of them. Now, it’s clear that organizations face this multifaceted and evolving threat from multiple sources.
So how do solutions like breach and attack simulation, continuous automated red teaming, and adversarial exposure validation help enterprises confront these sophisticated nation state threats?

This is precisely where SafeBreach comes in, Tova. Given this aggressive threat landscape, the traditional wait-and-see approach to security is a recipe for disaster. Breach and attack simulation (BAS) allows organizations to continuously validate their security controls against the very tactics, techniques, and procedures (TTPs) used by these specific APT groups we’ve just discussed. Instead of waiting for an attack to happen, BAS proactively simulates them, identifying gaps before an adversary exploits them. It’s about constant readiness, continual preparation.

In other words, it’s about being continuously proactive rather than spontaneously reactive. It’s in the name, but how does Continuous Automated Red Teaming, or CART, build on that?

So CART takes that a step further. It automates sophisticated multistage attack scenarios, mimicking how a real APT would move through your network from initial compromise to lateral movement to data exfiltration, or even disrupting critical systems. It assesses your entire kill chain defense, not just individual controls. This is crucial because nation state actors don’t use single exploits. They use campaigns. CART helps you understand your resilience against these full campaigns continuously, which means you’re always adapting.

And adversarial exposure validation, or AEV, where does that fit into securing against these high-priority APTs?

So think of AEV conceptually as being the intelligence layer that makes BAS and CART truly effective. It means taking the latest threat intelligence, which TTPs APT28 is using today, how APT41 is bypassing specific EDRs this week, right now, and immediately validating your defenses against that intelligence, hence why we need to achieve a continuous program.
This ensures your security posture is always aligned with the most current and relevant threats. You’re not just testing, you’re validating your exposure against actual current adversaries. For these nation state actors who are constantly evolving, AEV is non-negotiable.

So essentially, these solutions move security from a static, reactive state to a dynamic, proactive, and continuously validated posture. It sounds like an absolute necessity given the current global climate.

It truly is. We’re not just talking about compliance anymore. We’re talking about national security, economic stability, and operational resilience. Understanding the enemy, their motives, and their methods, and then continuously validating your defenses against them is the only way to ensure that your organization, and by extension your nation, remains secure in this volatile new world. It’s about being ready for war even if it’s fought in the digital realm. And to that end, we’ve got three key takeaways. Number one, do you have in place a continuous testing program? If not, please rectify that ASAP. Underpinning that continuous program, number two, have you identified what threat is relevant against you? And then number three, having identified the threats and threat actors that are relevant against you and your company or organization, are you continuously using BAS, CART, and AEV to make sure that you’re validating your security controls against those actual techniques and those actual campaigns? Now is the time. Now is the time.

Adrienne, thank you for this incredibly insightful and sobering discussion. It’s clear that the stakes have never been higher, and the need for robust, proactive cyber defenses is paramount.

Pleasure, Tova, as always. The conversation needs to happen now, before it’s too late.

And that’s all the time we have for this edition of the Cyber Resilience Brief. Join us next time as we continue to explore the evolving world of cybersecurity and CRINK. In the meantime, stay safe.
Stay safe with SafeBreach. The Cyber Resilience Brief is a SafeBreach podcast. Executive produced by Adrienne Culley and Tova Devoran. Music produced by Sar Dressner. Hosted, edited, and compiled on Riverside. For more about SafeBreach and how you can validate your security controls across your entire IT infrastructure, visit us at www.safebreach.com. That’s w-w-w dot s-a-f-e-b-r-e-a-c-h dot com.