Constella Intelligence

Hybrid Security Threats and Malign Influence Campaigns

As the digital landscape grows larger, the world continues to feel smaller. Nearly everything is just a few clicks away. With greater accessibility come more vulnerabilities—one of the most significant challenges organizations and security specialists face today. This topic and more were discussed at the 13th annual Aspen Security Forum, which welcomed more than 70 global leaders—including Central Intelligence Agency Director William J. Burns—to discuss the United States’ most pressing national security and foreign policy issues.

Constella’s co-founder and COO, Alex Romero, is currently an Aspen Institute Fellow, and Jonathan Nelson, Director of Risk Intelligence at Constella, is an alumnus of the Aspen Institute’s Tech & Society Program. In light of the 2022 forum, Jonathan and Alex developed the following takeaways. These key ideas consider the quickly developing challenges impacting the information ecosystem, along with the diverse social and institutional stakeholders impacted by evolving tactics and dynamics of malign influence.

Geographic proximity to threats is no longer the primary measure of risk

Jonathan Nelson

Director, Risk Intelligence

Raising public awareness related to the challenges in our (relatively) new digital sphere is critical. Moreover, strengthening civil society and public institutions to reinforce public trust and ensure resilience in the face of evolving information-driven threats will become even more important. To do so, understanding the new principles of the digital sphere in which individuals and businesses operate is paramount. One of these new principles is the fact that geographic proximity to threats is no longer a valid measure of risk. Borders are not an inherent feature of the cyber and digital space. In this new paradigm, we are all neighbors on the internet. This logic applies to the models of risk assessment that we may apply to understand actors, domains, platforms, and technologies in cyberspace and their proximity or level of integration within distinct digital and technological ecosystems. Conflicts centered on competing narratives, influence, and hybrid informational threats targeting (borderless, in the traditional sense) virtual infrastructures demand new ways of thinking to understand, address, and build resilience against risk and emerging threats.

Identity-based attacks targeting individuals are becoming a core focus for threat actors

Burns discussed the United States’ ongoing support for Ukraine despite Russia’s efforts to grind down military forces and outlast the alliance. While Russia has transitioned to its traditional war methods in Ukraine’s eastern region, Burns expressed confidence in resistance forces on the ground as Ukrainians continue to receive weaponry and munitions from the United States. However, physical warfare is only one dimension of the conflict. As Ukraine and neighboring countries transition their technological infrastructure to the cloud, we’ve identified significant trends of Advanced Persistent Threats (APTs) and cybercriminals shifting their efforts towards lower-friction vectors of attack, increasingly focusing on identity-based attacks targeting individuals. The supplantation of identities is a continuously growing attack vector for malign actors, as evidenced by the infiltration and proliferation of APTs such as Lapsus$. Further, in assessing the readiness of critical infrastructure organizations to manage these risks and defend against targeted threats, Constella’s analyses have identified exposures of corporate credentials from nearly 50% of sampled executives from Fortune 500 energy companies. This level of exposure of personally identifiable information (PII) at such a high level of privileged access within critical infrastructure organizations signals significant risk in a period where identity and PII are crucial vectors for geopolitically motivated attacks.

Fortune 500 corporate credential exposures via Constella 2021 Energy Sector Exposure Report

Hybrid threats have the power to destabilize public discourse and infrastructure

The convergence of cybersecurity and kinetic attacks is important to note, as these hybrid threats are related elements of complex, multi-pronged efforts to destabilize infrastructure and undermine public trust. Narrative-driven malign influence and disinformation campaigns wield significant potential to rapidly diffuse false narratives and undermine public confidence in key public and private entities, sowing discord and leading to a deterioration of important discourse and sense-making during times of conflict and uncertainty. As we identify APTs (Advanced Persistent Threat actors) in cyberspace, at Constella we are also analyzing and classifying APMs, or Advanced Persistent Manipulators. This process is becoming even more critical, as unmasking APMs also exposes the infrastructure being used, from servers to fake news sites or blogs and even undercover PR agencies in some cases of sophisticated malign influence campaigns. It is important to connect the components that characterize this sequence of events in which the harm inflicted by cyber and kinetic attacks is amplified and entrenched through disinformation and malign influence operations.

Evidence of these deeply entrenched influence campaigns has emerged in a recent case that is indicative of a much broader Justice Department crackdown on foreign influence operations aimed at shaping public opinion in the U.S. Just last week, the U.S. Justice Department revealed that a Russian operative working on behalf of the Kremlin’s intelligence services has been charged with recruiting political groups in the U.S. to advance pro-Russia propaganda, including during this year’s invasion of Ukraine.

“As court documents show, Ionov allegedly orchestrated a brazen influence campaign, turning U.S. political groups and U.S. citizens into instruments of the Russian government,” Assistant Attorney General Matthew Olsen, the head of the Justice Department’s National Security Division, commented in a statement.

Further, the dissemination of false narratives connected with the war in Ukraine in the LATAM, Asian and African regions by official embassy accounts and channels or state-sponsored media from specific countries exemplifies the role of diverse actors in uncritically amplifying messages and promoting targeted narratives in the service of broader geopolitical goals.

Malign influence campaigns have the power to undermine public trust in key processes, institutions, and leadership—an effect that is even more pronounced in periods of instability and crisis. In a polarized and often hostile digital sphere, it is more important now than ever before for public and private entities to understand how to navigate this environment and safeguard against these vulnerabilities. Doing so can help them best prevent, prepare for, and respond to the diverse types of identity-based and hybrid attacks that are increasingly targeting individuals, companies, and institutions.