Offensive cyber operations on the rise - AIVD 2024 annual report
Over the past three years, the number of countries developing offensive cyber operations has sharply increased. Aided by the availability of commercial spyware and the relative ease of launching digital attacks, even less technologically advanced nations are now able to infiltrate devices, networks, and cloud systems. In its 2024 annual report, the Dutch General Intelligence and Security Service (AIVD) raises serious concerns.

China
In 2024, China intensified its efforts to acquire high-end technological knowledge from Western countries, driven by an ambition to dominate critical technologies such as artificial intelligence, quantum computing, robotics, agricultural tech, and pharmaceuticals. This push aligns closely with its parallel goal of rapidly modernizing and expanding its military.
China is the greatest threat to Dutch economic and knowledge security, the AIVD says, as economic espionage undermines the earning capacity of Dutch companies. The protection of knowledge and technology is therefore of great importance to the Netherlands and Europe, the report emphasizes.
China deployed a broad and aggressive espionage strategy, the annual report says. It did so by recruiting Western scientists and employees of high-tech firms, and launching sophisticated cyberattacks against such companies. The Netherlands was a repeated target. For the first time, both the AIVD and the Dutch Military Intelligence and Security Service (MIVD) publicly attributed a cyberattack on a Dutch defense network directly to the Chinese state, citing its clear intent to conduct political and governmental espionage.
China's approach is multifaceted. In addition to illegal espionage, it uses legal but controversial methods, including the acquisition of high-tech companies and the sponsorship of students and researchers embedded in Western academic institutions. These avenues allow the Chinese government to tap into sensitive scientific knowledge, undermining the strategic position and values of countries like the Netherlands.
The threat is compounded by China's “whole-of-society” model, which mandates cooperation with the state from all Chinese citizens and entities - even those abroad. This makes it difficult to identify exactly who is behind individual operations and broadens the range of actors that could pose a threat to Western knowledge security.
Russia
While China focuses on long-term strategic gains through knowledge acquisition, Russia took a more provocative and confrontational stance in 2024. Moscow and affiliated networks engaged in sabotage operations, espionage, and disinformation campaigns across Europe, many of which directly targeted entities supporting Ukraine.
European governments, including those of Poland, the UK, Germany, and the Baltic states, linked numerous violent sabotage incidents to Russian actors. These included arson attacks on infrastructure, planned assassinations, and sabotage of undersea telecommunications. Although similar incidents did not occur in the Netherlands, Dutch intelligence services did identify cyber operations and preparatory actions that may have been intended to lay the groundwork for future sabotage.
Russian cyber actors increasingly focused on military and logistical targets, and sought to destabilize Western support for Ukraine. Their operations blurred the line between state and non-state actors, involving a shifting network of intelligence operatives, criminal groups, and independent “patriotic” hackers. This makes the threat landscape more opaque and unpredictable.
Russia’s actions indicate a belief that its war in Ukraine is part of a broader existential conflict with the West, the AIVD said. Its sabotage campaigns appear aimed not only at disrupting Western arms deliveries but also at gauging NATO’s thresholds and willingness to respond.
A widening cyber battlefield
Beyond China and Russia, 2024 saw an expansion in the number of states developing offensive cyber capabilities, as launching a digital attack program is now easier than ever.
Critical vulnerabilities, especially in mobile devices, routers, and cloud infrastructure, are increasingly exploited. In 2023, two of the most abused software flaws had been known for over two years, highlighting the gap between known risks and actual defenses.
China, in particular, amplified its capabilities by outsourcing parts of its cyber operations to commercial IT firms and data brokers. This allowed Chinese actors to scale up attacks and anonymize their methods further. Similarly, Russia saw a surge in hacker collectives operating in its interest, but not always under its direct control.
Other states joined the fray as well. North Korea used cyber operations to steal intellectual property and cryptocurrency, funding its regime through digital theft. Iran, meanwhile, engaged in information manipulation around the Gaza conflict, using hack-and-leak tactics to shape public perception and discredit critics.
The Netherlands
For the Netherlands, the 2024 AIVD report highlights an increasingly hostile digital environment. As a hub of scientific innovation, logistics, and data infrastructure in Europe, and a vocal supporter of Ukraine, the country has become an attractive target for foreign state actors.
The proliferation of offensive cyber programs, often growing faster than defensive capabilities, presents a significant national and European challenge. The AIVD therefore emphasizes that defending knowledge, economic interests, and democratic values will require a whole-of-society response - not unlike the threat models deployed by its adversaries.