Approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.
Asia China According to Fritz, China has expanded its cyber capabilities and military technology by acquiring foreign military technology. Fritz states that the Chinese government uses "new space-based surveillance and intelligence gathering systems,
Anti-satellite weapon, anti-radar, infrared decoys, and false target generators" to assist in this quest, and that they support their "
Informatisation" of their military through "increased education of soldiers in cyber warfare; improving the information network for military training, and has built more virtual laboratories, digital libraries and digital campuses."
Foreign Policy magazine put the size of China's "hacker army" at anywhere from 50,000 to 100,000 individuals.
Diplomatic cables highlight US concerns that China is using access to Microsoft source code and 'harvesting the talents of its private sector' to boost its offensive and defensive capabilities. While China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, and France, the Chinese government denies any involvement in cyber-spying campaigns. The administration maintains the position that China is also victim to an increasing number of cyber-attacks. Most reports about China's cyber warfare capabilities have yet to be confirmed by the
Chinese government. In June 2015, the
United States Office of Personnel Management (OPM) announced that it had been the target of a
data breach targeting the records of as many as four million people. Later,
FBI Director James Comey put the number at 18 million. The
Washington Post has reported that the attack originated in
China, citing unnamed government officials.
Operation Shady RAT is a series of
cyber attacks starting mid-2006, reported by Internet security company
McAfee in August 2011. China is widely believed to be the state actor behind these attacks which hit at least 72 organizations including governments and defense contractors. The 2018 cyberattack on the
Marriott hotel chain that collected personal details of roughly 500 million guests is now known to be a part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, The hackers, are suspected of working on behalf of the
Ministry of State Security (MSS), the country's Communist-controlled civilian spy agency. On 14 September 2020, a database showing personal details of about 2.4 million people around the world was leaked and published. A Chinese company,
Zhenhua Data compiled the database. According to the information from "National Enterprise Credit Information Publicity System", which is run by
State Administration for Market Regulation in China, the shareholders of Zhenhua Data Information Technology Co., Ltd. are two natural persons and one general partnership enterprise whose partners are natural persons. Wang Xuefeng, who is the chief executive and the shareholder of Zhenhua Data, has publicly boasted that he supports "hybrid warfare" through manipulation of public opinion and "psychological warfare". In February 2024 The
Philippines announced that it had successfully fought off a
cyber attack which was traced to hackers in
China. Several government websites were targeted including the National coast watch and personal website of the president of the
Philippines,
Bongbong Marcos. In May 2024 The UK announced that it had taken a database offline that is used by its defense ministry after coming under a cyber attack attributed to the Chinese state.
India The Department of Information Technology created the
Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the government created a new subdivision, the
National Critical Information Infrastructure Protection Centre (NCIIPC) to thwart attacks against energy, transport, banking, telecom, defense, space and other sensitive areas. The executive director of the
Nuclear Power Corporation of India (NPCIL) stated in February 2013 that his company alone was forced to block up to ten targeted attacks a day. CERT-In was left to protect less critical sectors. A high-profile cyber attack on 12 July 2012 breached the email accounts of about 12,000 people, including those of officials from the
Ministry of External Affairs,
Ministry of Home Affairs,
Defense Research and Development Organizations (DRDO), and the
Indo-Tibetan Border Police (ITBP). In February 2013, Information Technology Secretary J. Satyanarayana stated that the
NCIIPC was finalizing policies related to national cyber security that would focus on domestic security solutions, reducing exposure through foreign technology. On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the website of India's top investigating agency, the
Central Bureau of Investigation (CBI). The
National Informatics Center (NIC) has begun an inquiry. In July 2016, Cymmetria researchers discovered and revealed the cyber attack dubbed 'Patchwork', which compromised an estimated 2500 corporate and government agencies using code stolen from
GitHub and the
dark web. Examples of weapons used are an exploit for the Sandworm vulnerability (), a compiled AutoIt script, and UAC bypass code dubbed UACME. Targets are believed to be mainly military and political assignments around Southeast Asia and the South China Sea and the attackers are believed to be of Indian origin and gathering intelligence from influential parties. The
Defence Cyber Agency, which is the Indian military agency responsible for cyberwarfare, has been fully operational since August 2021.
Philippines The Chinese are being blamed after a cybersecurity company, F-Secure Labs, found a malware, NanHaiShu, which targeted the Philippines Department of Justice. It sent information in an infected machine to a server with a Chinese IP address. The malware which is considered particularly sophisticated in nature was introduced by phishing emails that were designed to look like they were coming from an authentic sources. The information sent is believed to be relating to the South China Sea legal case.
South Korea In July 2009, there were a
series of coordinated denial of service attacks against major government, news media, and financial websites in
South Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom. Security researcher
Chris Kubecka presented evidence multiple
European Union and
United Kingdom companies unwittingly helped attack South Korea due to a
W32.Dozer infections, malware used in part of the attack. Some of the companies used in the attack were partially owned by several governments, further complicating
cyber attribution. In July 2011, the South Korean company
SK Communications was hacked, resulting in the theft of the personal details (including names, phone numbers, home and email addresses and resident registration numbers) of up to 35 million people. A trojaned software update was used to gain access to the SK Communications network. Links exist between this hack and other malicious activity and it is believed to be part of a broader, concerted hacking effort. With ongoing tensions on the Korean Peninsula,
South Korea's defense ministry stated that South Korea was going to improve cyber-defense strategies in hopes of preparing itself from possible cyber attacks. In March 2013, South Korea's major banks – Shinhan Bank, Woori Bank and NongHyup Bank – as well as many broadcasting stations – KBS, YTN and MBC – were hacked and more than 30,000 computers were affected; it is one of the biggest attacks South Korea has faced in years. Although it remains uncertain as to who was involved in this incident, there has been immediate assertions that North Korea is connected, as it threatened to attack South Korea's government institutions, major national banks and traditional newspapers numerous times – in reaction to the sanctions it received from nuclear testing and to the continuation of
Foal Eagle, South Korea's annual joint military exercise with the United States. North Korea's cyber warfare capabilities raise the alarm for South Korea, as North Korea is increasing its manpower through military academies specializing in hacking. Current figures state that South Korea only has 400 units of specialized personnel, while North Korea has more than 3,000 highly trained hackers; this portrays a huge gap in cyber warfare capabilities and sends a message to South Korea that it has to step up and strengthen its Cyber Warfare Command forces. Therefore, in order to be prepared from future attacks, South Korea and the United States will discuss further about deterrence plans at the Security Consultative Meeting (SCM). At SCM, they plan on developing strategies that focuses on accelerating the deployment of ballistic missiles as well as fostering its defense shield program, known as the Korean Air and Missile Defense.
North Korea Africa Egypt In an extension of a bilateral dispute between
Ethiopia and
Egypt over the
Grand Ethiopian Renaissance Dam, Ethiopian government websites have been hacked by the Egypt-based hackers in June 2020.
Europe Cyprus The New York Times published an exposé revealing an extensive three-year phishing campaign aimed against diplomats based in
Cyprus. After accessing the state system the hackers had access to the
European Union's entire exchange database. By login into
Coreu, hackers accessed communications linking all
EU states, on both sensitive and not so sensitive matters. The event exposed poor protection of routine exchanges among European Union officials and a coordinated effort from a foreign entity to spy on another country. "After over a decade of experience countering Chinese cyberoperations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government", said Blake Darche, one of the
Area 1 Security experts – the company revealing the stolen documents. The Chinese Embassy in the US did not return calls for comment. In 2019, another coordinated effort took place that allowed hackers to gain access to government (gov.cy) emails.
Cisco's Talos Security Department revealed that "Sea Turtle" hackers carried out a broad piracy campaign in the DNS countries, hitting 40 different organizations, including Cyprus.
Estonia In April 2007, Estonia
came under cyber attack in the wake of relocation of the
Bronze Soldier of Tallinn. The largest part of the attacks were coming from Russia and from official servers of the authorities of Russia. In the attack, ministries, banks, and media were targeted. This attack on Estonia, a seemingly small Baltic state, was so effective because of how most of Estonian government services are run online. Estonia has implemented an e-government, where banking services, political elections, taxes, and other components of a modern society are now all done online.
France In 2013, the French Minister of Defense, Mr
Jean-Yves Le Drian, ordered the creation of a cyber army, representing its fourth national army corps (along with ground, naval and air forces) under the French Ministry of Defense, to protect French and European interests on its soil and abroad. A contract was made with French firm
EADS (
Airbus) to identify and secure its main elements susceptible to cyber threats. In 2016 France had planned 2600 "cyber-soldiers" and a 440 million euros investment for cybersecurity products for this new army corps. An additional 4400 reservists constitute the heart of this army from 2019.
Germany In 2013, Germany revealed the existence of their 60-person Computer Network Operation unit. The German intelligence agency,
BND, announced it was seeking to hire 130 "hackers" for a new "
cyber defence station" unit. In March 2013, BND president
Gerhard Schindler announced that his agency had observed up to five attacks a day on government authorities, thought mainly to originate in China. He confirmed the attackers had so far only accessed data and expressed concern that the stolen information could be used as the basis of future sabotage attacks against arms manufacturers, telecommunications companies and government and military agencies. Shortly after
Edward Snowden leaked details of the U.S.
National Security Agency's cyber surveillance system, German Interior Minister
Hans-Peter Friedrich announced that the BND would be given an additional budget of 100 million Euros to increase their cyber surveillance capability from 5% of total internet traffic in Germany to 20% of total traffic, the maximum amount allowed by German law.
Netherlands In the
Netherlands, Cyber Defense is nationally coordinated by the
National Cyber Security Centre (NCSC). The
Dutch Ministry of Defense laid out a cyber strategy in 2011. The first focus was to improve the cyber defense handled by the Joint IT command (JIVC). To improve intel operations, the intel community in the Netherlands (including the military intel organization, MIVD) has set up the Joint Sigint Cyber Unit (JSCU). The Ministry of Defense oversees an offensive cyber force, called the Defense Cyber Command (DCC).
Norway Russia It has been claimed that Russian security services organized a number of
denial of service attacks as a part of their
cyber-warfare against other countries, most notably the
2007 cyberattacks on Estonia and the
2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan. One identified young Russian hacker said that he was paid by
Russian state security services to lead hacking attacks on
NATO computers. He was studying
computer sciences at the
Department of the Defense of Information. His tuition was paid for by the FSB.
Russian, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers during the
2008 South Ossetia War. In October 2016,
Jeh Johnson the
United States Secretary of Homeland Security and
James Clapper the U.S.
Director of National Intelligence issued a joint statement accusing Russia of
interfering with the 2016 United States presidential election. The New York Times reported the Obama administration formally accused Russia of stealing and disclosing
Democratic National Committee emails. Under U.S. law (50 U.S.C.Title 50 – War and National Defense, Chapter 15 – National Security, Subchapter III Accountability for Intelligence Activities) there must be a formal
Presidential finding prior to authorizing a covert attack. Then U.S. vice president
Joe Biden said on the American news interview program
Meet The Press that the United States will respond. The New York Times noted that Biden's comment "seems to suggest that Mr. Obama is prepared to order – or has already ordered – some kind of covert action".
Sweden In January 2017,
Sweden's armed forces were subjected to a cyber-attack that caused them to shutdown a so-called Caxcis IT system used in
military exercises.
Ukraine According to
CrowdStrike from 2014 to 2016, the Russian APT
Fancy Bear used Android malware to target the Ukrainian Army's
Rocket Forces and Artillery. They distributed an infected version of an
Android app whose original purpose was to control targeting data for the
D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the
X-Agent spyware and posted online on military forums. The attack was claimed by Crowd-Strike to be successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the
Ukrainian Armed Forces). According to the
Ukrainian army this number is incorrect and that losses in artillery weapons "were way below those reported" and that these losses "have nothing to do with the stated cause". In 2014, the Russians were suspected to use a cyber weapon called "
Snake", or "Ouroboros," to conduct a cyber attack on Ukraine during a period of political turmoil. The Snake tool kit began spreading into Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE), as well as highly sophisticated Computer Network Attacks (CNA). On 23 December 2015 the
Black-Energy malware was used in
a cyberattack on Ukraine's power-grid that left more than 200,000 people temporarily without power. A mining company and a large railway operator were also victims of the attack. Ukraine saw a massive surge in cyber attacks during the
2022 Russian invasion of Ukraine. Several websites belonging to Ukrainian banks and government departments became inaccessible.
United Kingdom MI6 reportedly infiltrated an Al Qaeda website and replaced the instructions for making a
pipe bomb with the recipe for making
cupcakes. In October 2010,
Iain Lobban, the director of the
Government Communications Headquarters (GCHQ), said the UK faces a "real and credible" threat from cyber attacks by hostile states and criminals and government systems are targeted 1,000 times each month, such attacks threatened the UK's economic future, and some countries were already using cyber assaults to put pressure on other nations. On 12 November 2013, financial organizations in London conducted cyber war games dubbed "Waking Shark 2" to simulate massive internet-based attacks against bank and other financial organizations. The Waking Shark 2 cyber war games followed a similar exercise in
Wall Street.
Middle East Iran Iran has been both victim and perpetrator of several cyberwarfare operations. Iran is considered an emerging
military power in the field. In September 2010,
Iran was attacked by the
Stuxnet worm, thought to specifically target its
Natanz nuclear enrichment facility. It was a 500-kilobyte computer worm that infected at least 14 industrial sites in Iran, including the Natanz uranium-enrichment plant. Although the official authors of Stuxnet haven't been officially identified, Stuxnet is believed to be developed and deployed by the United States and Israel. The worm is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare. Iranian Cyber Police department, FATA, was dismissed one year after its creation in 2011 because of the arrest and death of Sattar Behesti, a blogger, in the custody of FATA. Since then, the main responsible institution for the cyberwarfare in Iran is the "Cyber Defense Command" operating under the
Joint Staff of Iranian Armed Forces. The Iranian state sponsored group
MuddyWater is active since at least 2017 and is responsible for many cyber attacks on various sectors.
Israel In the 2006 war against
Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the
Israel Defense Forces (IDF) intelligence estimates several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel attached growing importance to cyber-tactics, and became, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF's elite computer units.
Richard A. Clarke adds that "our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades." in Syria dubbed
Operation Orchard. U.S. industry and military sources speculated that the Israelis may have used cyberwarfare to allow their planes to pass undetected by radar into Syria. Following US President
Donald Trump's decision to pull out of the
Iran nuclear deal in May 2018, cyber warfare units in the United States and Israel monitoring internet traffic out of Iran noted a surge in retaliatory cyber attacks from Iran. Security firms warned that Iranian hackers were sending emails containing malware to diplomats who work in the foreign affairs offices of US allies and employees at telecommunications companies, trying to infiltrate their computer systems. In 2025, Israel emerged as the most targeted country globally for geopolitically motivated cyberattacks, surpassing the United States and Ukraine. According to the 2026 Global Threat Analysis Report by
Radware, Israel was the target of 12.2% of all claimed ideologically driven attacks worldwide. This period was characterized by a 168% surge in network-layer
DDoS attacks with operations characterized as a form of "hybrid warfare" involving state-sponsored and hacktivist groups, such as the pro-Russian NoName057(16) and the pro-Iranian Arabian Ghosts, aimed at disrupting critical infrastructure and government services.
Saudi Arabia On 15 August 2012 at 11:08 am local time, the
Shamoon virus began destroying over 35,000 computer systems, rendering them inoperable. The virus used to target the
Saudi government by causing destruction to the state owned national oil company
Saudi Aramco. The attackers posted a pastie on PasteBin.com hours prior to the wiper logic bomb occurring, citing oppression and the
Al-Saud regime as a reason behind the attack. The attack was well staged according to
Chris Kubecka, a former security advisor to Saudi Aramco after the attack and group leader of security for Aramco Overseas. It was an unnamed Saudi Aramco employee on the Information Technology team which opened a malicious phishing email, allowing initial entry into the computer network around mid-2012. Kubecka also detailed in her Black Hat USA talk Saudi Aramco placed the majority of their security budget on the ICS control network, leaving the business network at risk for a major incident. Shamoon can spread from an infected machine to
other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally the virus overwrites the
master boot record of the infected computer, making it unusable. The virus has been used for
cyber warfare against the national oil companies Saudi Aramco and Qatar's
RasGas. Saudi Aramco announced the attack on their Facebook page and went offline again until a company statement was issued on 25 August 2012. The statement falsely reported normal business was resumed on 25 August 2012. However a Middle Eastern journalist leaked photographs taken on 1 September 2012 showing kilometers of petrol trucks unable to be loaded due to backed business systems still inoperable. On 29 August 2012 the same attackers behind Shamoon posted another pastie on PasteBin.com, taunting Saudi Aramco with proof they still retained access to the company network. The post contained the username and password on security and network equipment and the new password for the CEO Khalid Al- Falih The attackers also referenced a portion of the Shamoon malware as further proof in the pastie. According to Kubecka, in order to restore operations. Saudi Aramco used its large private fleet of aircraft and available funds to purchase much of the world's hard drives, driving the price up. New hard drives were required as quickly as possible so oil prices were not affected by speculation. By 1 September 2012 gasoline resources were dwindling for the public of Saudi Arabia 17 days after the 15 August attack.
RasGas was also affected by a different variant, crippling them in a similar manner.
Qatar In March 2018 American Republican fundraiser Elliott Broidy filed a lawsuit against Qatar, alleging that Qatar's government stole and leaked his emails in order to discredit him because he was viewed "as an impediment to their plan to improve the country's standing in Washington." In May 2018, the lawsuit named
Mohammed bin Hamad bin Khalifa Al Thani, brother of the Emir of Qatar, and his associate
Ahmed Al-Rumaihi, as allegedly orchestrating Qatar's cyber warfare campaign against Broidy. Further litigation revealed that the same cybercriminals who targeted Broidy had targeted as many as 1,200 other individuals, some of whom are also "well-known enemies of Qatar" such as senior officials of the U.A.E., Egypt, Saudi Arabia, and Bahrain. While these hackers almost always obscured their location, some of their activity was traced to a telecommunication network in Qatar.
United Arab Emirates The
United Arab Emirates has launched several cyber-attacks in the past targeting dissidents.
Ahmed Mansoor, an Emirati citizen, was jailed for sharing his thoughts on
Facebook and
Twitter. He was given the code name Egret under the state-led covert project called Raven, which spied on top political opponents, dissidents, and journalists.
Project Raven deployed a secret hacking tool called Karma, to spy without requiring the target to engage with any web links. In September 2021, three of the former American intelligence officers, Marc Baier, Ryan Adams, and Daniel Gericke, admitted to assisting the UAE in hacking crimes by providing them with advanced technology and violating US laws. Under a three-year
deferred prosecution agreement with the Justice Department, the three defendants also agreed to pay nearly $1.7 million in fines to evade prison sentences. The court documents revealed that the Emirates hacked into the computers and mobile phones of dissidents, activists, and journalists. They also attempted to break into the systems of the US and rest of the world.
North America United States Cyberwarfare in the United States is a part of the American
military strategy of
proactive cyber defence and the use of cyberwarfare as a platform for attack. The new United States military strategy makes explicit that a cyberattack is
casus belli just as a traditional act of war. U.S. government security expert
Richard A. Clarke, in his book
Cyber War (May 2010), had defined "cyberwarfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." and
William J. Lynn, U.S. Deputy
Secretary of Defense, states that "as a doctrinal matter,
the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space." When Russia was still a part of the
Soviet Union in 1982, a portion of a Trans-Siberia pipeline within its territory exploded, allegedly due to a
Trojan Horse computer malware implanted in the pirated Canadian software by the
Central Intelligence Agency. The malware caused the SCADA system running the pipeline to malfunction. The "Farewell Dossier" provided information on this attack, and wrote that compromised computer chips would become a part of Soviet military equipment, flawed turbines would be placed in the gas pipeline, and defective plans would disrupt the output of chemical plants and a tractor factory. This caused the "most monumental nonnuclear explosion and fire ever seen from space." However, the Soviet Union did not blame the United States for the attack. In 2009, president Barack Obama declared America's digital infrastructure to be a "strategic national asset," and in May 2010 the Pentagon set up its new U.S. Cyber Command (
USCYBERCOM), headed by General
Keith B. Alexander, director of the
National Security Agency (NSA), to defend American military networks and attack other countries' systems. The EU has set up
ENISA (European Union Agency for Network and Information Security) which is headed by Prof. Udo Helmbrecht and there are now further plans to significantly expand ENISA's capabilities. The United Kingdom has also set up a cyber-security and "operations centre" based in
Government Communications Headquarters (GCHQ), the British equivalent of the NSA. In the U.S. however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility respectively of the
Department of Homeland Security and private companies. which he co-wrote with Senator
Susan Collins (R-ME) and Senator
Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "
Kill switch bill", would grant the president emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill "[narrowed] existing broad presidential authority to take over telecommunications networks". In August 2010, the U.S. for the first time warned publicly about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed
GhostNet which was revealed in a 2009 research report. On 6 October 2011, it was announced that
Creech AFB's
drone and Predator fleet's
command and control data stream had been
keylogged, resisting all attempts to reverse the exploit, for the past two weeks. The Air Force issued a statement that the virus had "posed no threat to our operational mission". On 21 November 2011, it was widely reported in the U.S. media that a hacker had destroyed a water pump at the Curran-Gardner Township Public Water District in Illinois. However, it later turned out that this information was not only false, but had been inappropriately leaked from the Illinois Statewide Terrorism and Intelligence Center. In June 2012
the New York Times reported that president Obama had ordered the cyber attack on Iranian nuclear enrichment facilities. In August 2012, USA Today reported that the US conducted cyberattacks for tactical advantage in Afghanistan. According to a 2013
Foreign Policy magazine article, NSA's
Tailored Access Operations (TAO) unit "has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People's Republic of China." In 2014, Barack Obama ordered an intensification of cyberwarfare against
North Korea's missile program for sabotaging test launches in their opening seconds. On 24 November 2014,
Sony Pictures Entertainment hack was a release of confidential data belonging to Sony Pictures Entertainment (SPE). In 2016 President Barack Obama authorized the planting of cyber weapons in Russian infrastructure in the final weeks of his presidency in response to Moscow's interference in the 2016 presidential election. On 29 December 2016 United States imposed the most extensive sanctions against Russia since the
Cold War, expelling 35 Russian diplomats from the United States. Economic sanctions are the most frequently used the foreign policy instruments by the United States today Thus, it is not surprising to see that economic sanctions are also used as counter policies against cyberattacks. According to Onder (2021), economic sanctions are also information gathering mechanisms for the sanctioning states about the capabilities of the sanctioned states. In March 2017, WikiLeaks published more than 8,000 documents on the
CIA. The confidential documents, codenamed
Vault 7 and dated from 2013 to 2016, include details on CIA's software capabilities, such as the ability to compromise
cars,
smart TVs,
web browsers (including
Google Chrome,
Microsoft Edge,
Mozilla Firefox, and
Opera Software ASA), and the operating systems of most
smartphones (including
Apple's
iOS and
Google's
Android), as well as other
operating systems such as
Microsoft Windows,
macOS, and
Linux. In June 2019, the
New York Times reported that American hackers from the
United States Cyber Command planted malware potentially capable of disrupting the
Russian electrical grid. In June 2023, the
National Security Agency and
Apple were accused by the Russian
Federal Security Service (FSB) of compromising thousands of
iPhones, including those of diplomats from China, Israel, NATO members, and Syria.
Kaspersky Lab said many of its senior staff and managers were also hit by the ongoing attack, which it first suspected in early 2023. The oldest traces of infiltration date back to 2019. Kaspersky Lab said it had not shared the findings with Russian authorities until the FSB announcement. ==Cyber mercenary==