Google’s Threat Intelligence Group has released a new report underscoring the rising threat of cybercrime to national security. The findings make a compelling case for policymakers to treat cybercriminal activity with the same urgency as state-sponsored operations, as the lines between the two continue to blur.
Cybercrime as a Geopolitical Tool
The report reveals how cybercriminal tactics are increasingly being co-opted by nation-states to further their strategic interests. The so-called “Big Four” cyber players—Russia, China, Iran, and North Korea—are leveraging financially motivated cyber operations for both espionage and economic gain:
- Russia: Facing military and economic pressure following the invasion of Ukraine, Russia has turned to cybercriminals for espionage and disruptive operations, using their expertise and resources to advance state objectives.
- China: Groups like APT41 have seamlessly integrated ransomware with intelligence-gathering efforts, creating a murky overlap between financially motivated attacks and state-sponsored cyber-espionage.
- Iran: Economic struggles have driven Iranian threat actors to rely on ransomware and hack-and-leak tactics, generating revenue while simultaneously destabilising adversaries.
- North Korea: Cybercrime has become a primary revenue stream for the regime, with cryptocurrency heists funding missile development, nuclear ambitions, and the country’s operational expenses, all while sidestepping international sanctions.
Ben Read, Senior Manager at Google Threat Intelligence Group states: “The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states. These capabilities can be cheaper and more deniable than those developed directly by a state. These threats have been looked at as distinct for too long, but the reality is that combating cybercrime will help defend against state-backed attacks.”
A Growing and Destabilising Force
Cybercrime is no longer just a financial nuisance—it is a destabilising force that threatens critical infrastructure and public safety. In 2024, Mandiant Consulting responded to nearly four times more incidents attributed to financially motivated actors than to state-backed groups. This shift highlights how cybercrime has evolved into a key national security issue.
The effects of cyberattacks go far beyond financial losses. When hospitals fall victim to ransomware, patient care is jeopardised. When power grids are attacked, entire communities face significant risk. The erosion of public trust in essential services is an alarming consequence that policymakers can no longer afford to overlook.
A Call for Urgent Action
The growing convergence of cybercrime and state-sponsored hacking underscores the need for a stronger, more coordinated response. The report calls for international cooperation to tackle this evolving threat, recognising cybercrime as a national security priority on par with conventional military and intelligence threats.
Addressing this challenge requires a shift in mindset: cybercrime is not just a problem for corporations and financial institutions—it is a direct threat to national stability. As cybercriminal groups continue to evolve and integrate with state-backed operations, governments worldwide must adopt robust strategies to counteract their influence, disrupt their networks, and safeguard critical infrastructure.
“Cybercrime has unquestionably become a critical national security threat to countries around the world. The marketplace at the centre of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption. Unfortunately, many of our actions have amounted to temporary inconveniences for these criminals, but we can’t treat this like a nuisance and we will have to work harder to make meaningful impacts,” said Sandra Joyce, VP, Google Threat Intelligence.
Cybercrime is no longer an isolated concern—it is a global crisis demanding immediate and decisive action.
