South China Morning Post
Advertisement
Advertisement
Wagner Group fighters in Russia on June 24. Digital mercenaries are expanding and remain relatively unnoticed compared to their boots-on-the-ground counterparts. Photo: AFP
Opinion
Asian Angle
by Alessandro Arduino
Asian Angle
by Alessandro Arduino

After Wagner Group, mercenaries prowl cyber grey zone amid rise in spy-for-hire services

  • Cyber mercenaries have been expanding their footprint to take advantage of a larger market for spyware and cyber-offensive operations
  • Discerning cybersecurity firms from cyber mercenaries becomes all the more challenging in the lawless expanse of the internet’s Wild West
Alessandro Arduino
Alessandro Arduino
Why you can trust SCMP
The Wagner Group’s brief mutiny in Russia has reignited the debate of governments contracting cyber mercenaries.
The group, founded in 2014 by Yevgeny Prigozhin and denounced by the United States as a transnational criminal organisation, had at its peak about 50,000 mercenary recruits fighting in Ukraine. It has been accused of unleashing a resurgence of mercenaries in conflicts.
The latest to expand their footprint – albeit in the shadows – are the cyber mercenaries prowling the grey zone between corporate cybersecurity and offensive cyber operations. Despite their expanding influence, they remain relatively unnoticed compared to their boots-on-the-ground counterparts.
Amid the growing number of sanctions on individuals and companies involved with the Wagner Group, the US Commerce Department on July 18 added two Europe-based spyware companies to its technology export blacklist.
A smartphone with the website of Israel’s NSO Group that made its name with Pegasus spyware. Photo: AFP
The two firms – Greece-based Intellexa S.A. and Cytrox from Hungary – were blacklisted for developing and trafficking in cyber exploits used to gain access to information systems, thereby threatening the privacy and security of individuals and organisations worldwide.
The market for spyware has expanded, triggered in part by the notorious case of NSO, an Israeli company that achieved success selling Pegasus spyware to government intelligence agencies. Spyware, a form of malware, grants hackers remote control over systems, allowing them to monitor targets’ computers and mobile devices.

However, this success story turned into a media nightmare when the spyware was allegedly misused by criminal organisations and to suppress human rights activists.

In this respect, the belief that only governments could develop and deploy sophisticated malware has been shattered.

Intellexa and Cytrox were sanctioned over their link to Predator spyware, as part of US efforts to deter operational use of commercial spyware deemed to pose security risks to the US government or significant risks of improper use by a foreign government or foreign person.
A recent article by The New York Times underlines how the US government still fears that Chinese hackers have inserted malware to disrupt US military operations in the event of a conflict. Yet the role of hackers-for-hire cannot be discounted in states’ competition for cyber domination.
In the shadowy realm of espionage, aside from the spy agencies in the West, China, Russia, Iran and North Korea, cyber criminals have now mastered the art of disruptive cyberattacks, planting malicious apps, and pilfering data from personal mobile phones.

04:19

Russia revolt ends in Wagner leader’s exile but leaves questions about Putin’s authority

Russia revolt ends in Wagner leader’s exile but leaves questions about Putin’s authority

Amid this landscape, a new trend emerges – the commodification of military-grade spyware. Private cybersecurity firms now offer spy-for-hire services, adding a new dimension to the age-old practice of intelligence for hire. Increasing demand, lack of regulation, and a low barrier to entry have all helped make mercenary cyber espionage a fast-growing industry, worth an estimated US$12 billion per year.

Governments are still prone to develop their own tools, as is the case with Iran’s SIAM spyware, a computer program that works behind the scenes of Iranian cellular networks. The system provides its operators a broad menu of remote commands to alter, disrupt, and monitor phones.

According to a 2022 report by US news site The Intercept, these tools possess the capability to monitor the movements of individuals or even large groups, aiding governments in suppressing protests during their nascent stage.

Nevertheless, the availability on the market of hacking tools for hire is an easy fix for any regime looking to fill a security gap for a limited price. Between 2011 and 2023, a study published by Carnegie showed at least 74 governments, including China, contracted with commercial firms to obtain spyware or digital forensics technology.

As mercenaries on the ground thrive in promoting chaos, their cyber counterparts are exploiting the need for state and non-state actors to acquire cyber-offensive capabilities that are easily deployed at the push of a button.

Discerning cybersecurity firms from cyber mercenaries is no simple feat, however. Identifying the moment when private-sector endeavours to bolster government espionage cross the proverbial red line becomes all the more challenging in the lawless expanse of the internet’s Wild West.

The early rise of the Wagner Group offers a telling example. It was cleverly disguised as a private military company despite lacking incorporation and having the Kremlin as its sole client. Failing to distinguish between legitimate cybersecurity firms and cyber mercenaries will only foster a dangerous sense of impunity.

Fighters of Wagner Group near the headquarters of the Southern Military District in the city of Rostov-on-Don, Russia, June 2023. Photo: Reuters

Hacking as a service is a very fluid area, and the line that separates cyber defence from cyber mercenaries is easily blurred. At the same time, the ongoing high demand for intrusion technology contributes to the resilience of the commercial spyware and digital forensics market.

Amid all this, the lucrative and rapidly expanding cybersecurity industry remains susceptible to exploitation.

Despite the Wagner Group’s rise elevating the need to curb the malevolent impact of mercenaries, international endeavours to regulate invasive hacking software and cyber mercenaries remain disjointed and still in their infancy.

The brief but daring armed mutiny of the Wagner Group, advancing towards Moscow and challenging its ultimate owner, therefore serves as a powerful cautionary tale, not just for traditional boots on the ground, but also for those in the cyber realm.

Alessandro Arduino is an affiliate lecturer at the Lau China Institute and King’s College London. He is the author of Money for Mayhem: Mercenaries, Private Military Companies, Drones, and the Future of War.

3