Saturday, February 22, 2025

Google: Cybercrime Intersects with Cyber Warfare as Nations Recruit Criminal Gangs

Cyber crime is now a serious threat to the security of Western nations, according to a Google report released just before the 2025 Munich Security Conference. This weekend marks the 61st Atlanticist conference, which started in 1963 to strengthen ties between West Germany, the US, and other NATO allies.

The Google Threat Intelligence Group’s report, titled “Cyber crime: A multifaceted national security threat,” urges Western policymakers to treat cyber crime with the same urgency as threats from nation-states. Ben Read, a senior manager at the group, emphasizes that the vast world of cyber crime is fueling state-sponsored hacking. He notes that criminals provide malware and vulnerabilities that states can use, often more affordably and discreetly than developing their own tools.

The report highlights the connection between hostile nation-states—particularly Russia, China, Iran, and North Korea—and cyber criminal groups. These states are increasingly leveraging these groups to advance their geopolitical agendas. The impact of cyber crime also runs deep, affecting economic stability and critical infrastructure, including healthcare. For instance, healthcare-related posts on data leak sites have doubled in the past three years. The report cites an alarming case from March 2024, in which a member of the Russian Anonymous Marketplace sought unauthorized access to Dutch and French medical institutions and offered extra payments for hospitals, especially those managing emergency services.

The so-called “Big Four”—Russia, China, Iran, and North Korea—are employing cyber crime for espionage and disruptive operations. Russia, for example, has mobilized cyber criminals to support its war efforts in Ukraine. The report mentions APT44, linked to Russian military intelligence, which uses malware sourced from cyber crime to carry out espionage.

Another player is UNC2589, associated with Russia’s GRU, which has conducted extensive cyber operations against Ukraine. The report also discusses the CIGAR group, which transitioned from cyber crime to espionage in support of Russian state goals, conducting phishing campaigns targeting military entities in Ukraine since late 2022.

Turning to China, the report notes that groups like APT41 mix ransomware activities with traditional espionage. These tactics confuse attribution, masking the true nature of their operations. APT41 is believed to be linked to the Chinese Ministry of State Security and has a history of financially motivated cyber crime, particularly in the video game industry.

Iran appears to be channeling its economic struggles into cyber crime, while North Korea reportedly relies on cryptocurrency theft to fund its missile and nuclear programs.

The consequences of cyber crime extend beyond financial losses. They erode public trust, destabilize essential services, and in severe cases, can result in loss of life. The report argues that the blending of cyber crime and state-sponsored hacking necessitates a response equivalent to dealing with nation-state threats.

The authors warn that when one cyber crime group is disrupted, another quickly takes its place. Effectively combating these threats will require collaboration among countries and across public and private sectors, focusing on education and resilience.

Sandra Joyce, vice president of the Google Threat Intelligence Group, underscores that cyber crime must be recognized as a critical national security threat worldwide. She points out that the current approach merely inconveniences cyber criminals rather than making meaningful progress. The ecosystem is so resilient that we need to elevate the status of cyber crime in national security priorities and adopt best practices from the private sector to combat it effectively.