A recent report from Google has unveiled alarming trends in cyber-espionage, highlighting a surge in attacks directed at the defence industry and its employees. This analysis, released ahead of the Munich Security Conference, reveals a sophisticated landscape of threats that extend beyond traditional targets, encompassing broader industrial sectors in both the United States and Europe.
Escalating Cyber Threats
Google’s threat intelligence team has documented a “relentless barrage” of cyber operations aimed primarily at the industrial supply chains of the EU and the US. Luke McNamara, an analyst at Google, emphasised the evolution of these threats, noting a shift towards more personalised attacks targeting individuals directly involved in the defence sector. This trend complicates detection, as many incidents now occur on personal devices, bypassing corporate networks.
McNamara pointed out that the focus on personnel has become a significant aspect of these cyber operations. “It’s harder to detect these threats when it’s happening on an employee’s personal system, right?” he explained. “The whole personnel piece has become one of the major themes.”
Broader Targets and Tactics
The report highlights an alarming trend of extortion campaigns targeting smaller entities not directly linked to defence, such as manufacturers of automobiles and ball bearings. This suggests that hackers are expanding their focus beyond major defence contractors to include a wider array of industrial players.
One notable incident linked to Russian intelligence showcases the extensive reach of these cyber-attacks. Hackers attempted to gather sensitive information by spoofing the websites of numerous leading defence contractors across various nations, including the UK, US, Germany, and South Korea. Additionally, Russian groups have developed targeted hacks to compromise the accounts of Ukrainian military personnel and journalists, employing methods that could easily be adapted by other malicious actors.
Specific Threats to Ukraine
The situation is particularly critical in Ukraine, where Dr. Ilona Khmeleva, secretary of the Economic Security Council, reported a staggering 37% increase in cyber incidents from 2024 to 2025. Many of these attacks have been highly personalised, with potential targets monitored for extended periods prior to an assault. Such tactics underscore the evolving nature of cyber threats, which increasingly target individuals rather than solely focusing on organisational vulnerabilities.
Moreover, Ukrainian frontline drone units have faced exceptionally targeted attacks from hackers impersonating legitimate drone manufacturers or training programmes. This trend not only highlights the sophistication of the attacks but also raises questions about the security of critical military infrastructure.
Global Implications of Cyber-Espionage
The implications of these cyber-espionage campaigns extend far beyond Europe. North Korean hackers have been reported to impersonate corporate recruiters, utilising AI to profile potential targets within defence companies. Their efforts have proven effective, with over 100 US firms reportedly hiring these infiltrators as “remote IT workers,” ostensibly to fund the North Korean regime.
Iranian state-sponsored groups have similarly resorted to creating fraudulent job portals, aiming to extract credentials from employees of defence firms. Meanwhile, APT5, a group with ties to China, has been targeting aerospace and defence personnel with highly tailored communications, further exemplifying the global scale of the threat.
Dr. Khmeleva noted that as Western technologies and investments become integrated into Ukraine—particularly through military support and collaborative industrial efforts—the pool of potential victims expands significantly. “Employees of foreign companies, contractors, engineers, and consultants involved in Ukraine-related projects may also become targets, making this a transnational security issue, not a purely national one,” she stated.
Why it Matters
The findings of Google’s report reveal a concerning shift in the landscape of cyber-espionage, where attackers are increasingly targeting individuals and smaller companies, thereby broadening the threat horizon. This evolution poses significant risks not only to the defence sector but also to global security and economic stability. As these sophisticated attacks continue to proliferate, organisations across various industries must enhance their cyber-defence strategies to safeguard sensitive information and personnel against an ever-evolving array of threats.
