Tough Adversary? Don't Blame Sun Tzu
This presentation analyzes the historical and contemporary psychological and information warfare doctrines of China and Russia. It examines how these nations integrate non-kinetic information operations with strategic and tactical military objectives. The talk provides a comparative analysis of their respective approaches to state-controlled media and propaganda as tools for influencing foreign and domestic populations.
Beyond the Rhetoric: How State-Level Information Operations Target Your Infrastructure
TLDR: Information warfare is no longer just about propaganda; it is a technical discipline that integrates non-kinetic operations with cyber infrastructure. By analyzing the military doctrines of China and Russia, researchers can identify how these actors use state-controlled media and internet infrastructure to manipulate public perception and target specific technical environments. Understanding these patterns allows security professionals to better anticipate and defend against the sophisticated, non-kinetic campaigns that often precede or accompany traditional cyberattacks.
Modern threat intelligence often fixates on the latest zero-day or the most recent ransomware strain. While those are critical, they represent only the tip of the spear. The real-world risk to your organization often arrives long before a payload is executed. It arrives as a coordinated information operation designed to shape the environment, influence decision-makers, and erode trust in your security infrastructure.
The recent research presented at DEF CON 2024 by Gregory Carpenter highlights a shift in how state-level actors view the information environment. These actors do not treat information warfare as a separate, soft-power activity. Instead, they integrate it directly into their military and cyber doctrines. For a pentester or a security researcher, this means the "target" is not just a server or a database; it is the entire ecosystem of information that surrounds your organization.
The Mechanics of Non-Kinetic Operations
State-level actors, particularly those in China and Russia, have developed sophisticated frameworks for information warfare that rely on controlling the meaning of words and the perception of reality. This is not merely about spreading misinformation. It is about creating an information environment where your organization is forced to operate on the adversary's terms.
In the Chinese model, the focus is on the integration of information warfare with non-kinetic activities. This involves a deep understanding of how to manipulate public opinion and influence the decision-making processes of foreign entities. The doctrine emphasizes the use of state-controlled media and internet infrastructure to create a narrative that serves strategic goals. For example, the curriculum of the National Defense University of the People's Liberation Army explicitly teaches the integration of information warfare with military strategy. This is not a theoretical exercise; it is a practical guide for how to operate in a contested information environment.
The Russian approach, while sharing similar goals, is often more focused on the use of propaganda to create internal and external divisions. The Russian Ministry of Defense has long utilized state-controlled media to shape the narrative around its operations. This involves the use of sophisticated propaganda techniques that are designed to be difficult to detect and even harder to counter.
Identifying the Patterns in Your Engagements
When you are conducting a red team engagement or a penetration test, you are likely looking for technical vulnerabilities. However, you should also be looking for the patterns of information warfare that often accompany these attacks. Are there signs of coordinated information operations targeting your client? Is there an unusual amount of activity on social media or state-controlled news outlets that coincides with the technical attacks?
These are the questions that can help you identify the broader context of an attack. By understanding the patterns of information warfare, you can better anticipate the adversary's next move and provide your client with a more comprehensive security assessment.
For instance, consider the OWASP Top 10 vulnerabilities. While these are technical issues, they can also be used as part of a broader information operation. An attacker might use a simple SQL injection to gain access to a database and then use that access to plant misinformation or to exfiltrate sensitive information that can be used to shape public perception.
Defensive Strategies for a Contested Environment
Defending against these types of operations requires a shift in mindset. You cannot rely on traditional security measures alone. You need to develop a comprehensive strategy that includes:
- Monitoring the information environment: Keep a close eye on social media and state-controlled news outlets for signs of coordinated information operations.
- Building resilience: Develop a culture of security that encourages employees to be skeptical of information and to report suspicious activity.
- Engaging with the community: Share your findings with the security community and work together to develop better defenses against these types of operations.
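One way to run the coincidence check described above (media or social activity that lines up with technical attacks), as an added example that is not part of the original article or the talk. It flags hours where public mention volume spikes above a trailing baseline and pairs them with security alerts close in time; the mention counts, alert records, window and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import mean, stdev

# Constructed sample data: hourly public-mention counts for the organization
# (hypothetical monitoring feed) and alerts (hypothetical SIEM export).
START = datetime(2024, 8, 1, 0, 0)
HOURLY_MENTIONS = [11, 9, 12, 10, 13, 11, 10, 12, 9, 11, 10, 12,
                   58, 64, 13, 11, 10, 12, 11, 9, 47, 12, 10, 11]
ALERTS = [
    (datetime(2024, 8, 1, 5, 5), "auth: password spray threshold"),
    (datetime(2024, 8, 1, 13, 40), "waf: sql injection pattern blocked"),
]

def find_spikes(counts, start, window=8, threshold=4.0):
    """Return hours whose count exceeds trailing mean + threshold * stdev."""
    spikes, baseline = [], []
    for i, count in enumerate(counts):
        if len(baseline) >= window:
            recent = baseline[-window:]
            # Floor sigma so a very flat baseline does not flag tiny changes.
            mu, sigma = mean(recent), max(stdev(recent), 1.0)
            if count > mu + threshold * sigma:
                spikes.append(start + timedelta(hours=i))
                continue  # keep spike hours out of the baseline
        baseline.append(count)
    return spikes

def correlate(spikes, alerts, tolerance=timedelta(hours=2)):
    """Pair each spike hour with alerts that occur within `tolerance` of it."""
    return [(hour, ts, desc)
            for hour in spikes
            for ts, desc in alerts
            if abs(ts - hour) <= tolerance]

def uncorrelated(spikes, hits):
    """Spike hours with no nearby alert: worth a look, but media-only so far."""
    matched = {hour for hour, _, _ in hits}
    return [hour for hour in spikes if hour not in matched]

if __name__ == "__main__":
    spikes = find_spikes(HOURLY_MENTIONS, START)
    hits = correlate(spikes, ALERTS)
    for hour, ts, desc in hits:
        print(f"spike {hour:%H:%M} <-> alert {ts:%H:%M} {desc}")
    for hour in uncorrelated(spikes, hits):
        print(f"spike {hour:%H:%M} has no alert within tolerance")
```

Temporal overlap is a triage signal for an analyst to review, not evidence of coordination or attribution.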
The information environment is a contested space, and it is only going to become more so. By understanding the patterns of information warfare and by developing a comprehensive security strategy, you can help your organization to navigate this environment and to protect its assets from the sophisticated, non-kinetic campaigns that are becoming increasingly common.
The next time you are conducting a security assessment, take a step back and look at the bigger picture. What is the information environment telling you? What are the patterns of information warfare that you can identify? These are the questions that will help you to provide your client with a more comprehensive and effective security assessment. The adversary is not just targeting your infrastructure; they are targeting your reality. It is time to start defending it.