Overnight on Wednesday, Google Cloud Security released its 2025 Cybersecurity Forecast, revealing how the authoritarian regimes will seek to infiltrate the West. Beijing is set to be particularly “aggressive” and “demonstrate a high risk tolerance”, while the report warns that organisations will “increasingly struggle to defend themselves” against artificial intelligence-powered attacks.

“A variety of campaigns targeted the US presidential election throughout 2024, and we don’t expect operations to immediately cease now that the election is over,” Google wrote in its report.

“China, Russia, and Iran will continue to target the US government throughout the rest of the year and into 2025, likely taking advantage of the administration change to seek a decision advantage.”

China and North Korea will continue to be “very active”, launching ransomware and extortion attacks, according to the report. Pyongyang is set to particularly stage crypto ‘heists’, with the digital currencies – including Bitcoin and Dogecoin – rallying following Mr Trump’s White House win and his appointment of Elon Musk to his incoming administration.

The threats have not just been in the cyber realm. Iranian agents allegedly plotted to assassinate Mr Trump before he was re-elected as president, the US Justice Department said, revealing the barrage of security threats that he faces before he returns to the Oval Office.

Despite Vladimir Putin hailing Mr Trump a “courageous man” and that the US president-elect pledge to end the war in Ukraine “deserves attention”, Moscow was at the top of Google’s cyber threat list.

“In 2025, the Ukraine conflict will likely remain a primary focus of Russian cyber espionage, cyber attack. Outside of Ukraine, Russian cyber espionage will almost certainly continue to support Moscow’s global interests, targeting governments, politicians, civil society, journalists, media outlets, and technology organisations primarily in Europe and NATO member countries.

Australians are likely to be vulnerable to North Korean attacks, the Google report said, using “trojanised open source software packages”. Trojan software is a type of malware that’s disguised as a legitimate program to infect a system with malicious code.

“North Korean cyber espionage operations will continue to support the country’s geopolitical objectives, including targeting government, defence, education, think tank targets,” Google said.

“North Korean actors placed heavy emphasis on supply chain compromises in 2023 and 2024, usually using trojanized open source software packages in social engineering operations targeting software developers, and we expect these tactics to continue into next year.”

Pyongyang is also set to fund its illicit activities via cryptocurrency theft.

“Since 2020, there have been hundreds of Web3 heists reported, which has resulted in over $US12bn in stolen digital assets.

“We anticipate Democratic People’s Republic of Korea threat actors will continue to leverage social engineering tactics when targeting Web3 organisations, as well as targeting the supply chain to gain an initial foothold. Web3 companies will need to invest in enhanced security controls and 24x7 monitoring to help detect attacks earlier in the life cycle to help prevent heists.”

Chinese state-sponsored hackers – which burrowed deep into US telecommunication networks for about eight months before the election, targeting the phones of Donald Trump and others in his campaign – will continue to be “aggressive”, the Google Cloud Secruity report said.

Pro-PRC (People’s Republic of China) information operations (IO) are expected to directly target elections and voters in countries and regions viewed as top strategic priorities for the

PRC, most notably Taiwan and the US.

“This activity is expected to include impersonation of voters, promotion of disinformation about rigged votes, and video content featuring AI-generated news hosts. Pro-PRC IO have been largely ineffective at generating authentic engagement, except for isolated successes. However, narratives and tactics will remain aggressive, including use of ad hominem attacks and intimidation.”

The Israel-Hamas conflict is set to continue to “dominate Iranian state-sponsored cyber threat activity”, fuelling “cyber espionage, disruptive and destructive attacks, and information operations”, the Google report said.

“We are confident that longstanding objectives of regime stability, economic development, and regional influence will continue to drive monitoring of dissidents, key individuals and organisations linked to Iranian or regional politics, and technologies that could support Iran’s military capabilities.”

Google said that companies must “prioritise a proactive and comprehensive approach to cybersecurity” to defend themselves.

“This includes adopting cloud-native security solutions, implementing robust identity and access management controls, and staying ahead of emerging threats through continuous monitoring and threat intelligence.”

Jared LynchTechnology Editor

Jared Lynch is The Australian’s Technology Editor, with a career spanning two decades. Jared is based in Melbourne and has extensive experience in markets, start-ups, media and corporate affairs. His work has gained recognition as a finalist in the Walkley and Quill awards. Previously, he worked at The Australian Financial Review, The Sydney Morning Herald and The Age.

@jaredm_lynch

More related stories

Technology

How a Hobart app developer became a global powerhouse

Hobart software developer James Cuda says without Apple he would not have been able to take on Adobe and count Disney and Pixar as customers.

Read more

Technology

Uber to offer free EV rides at Australian Open

As interest in EVs falls among Australians, ridesharing giant Uber hopes to turn that around. Here’s how you can get a free ride.

Read more