From Our Community

From Moscow to Pyongyang: Cyber threats revealed by Sandra Joyce at the Tallinn Digital Summit 

The accelerating complexity of cyber threats demands urgent collaboration between public and private sectors.

That was the central theme of Sandra Joyce’s keynote address at the Tallinn Digital Summit 2024, where she shared alarming updates about nation-state cyber operations and underscored the growing risks posed by emerging technologies and adversarial tactics. 

Joyce, Vice President of Google Threat Intelligence, opened her address with a warning: “We have to think very clearly about what [we’re] up against. Because there is not just the capability, but drive from the perspective of these folks.” 

The expanding role of Russian cyber sabotage 

Sandra Joyce provided a vivid picture of Russian cyber aggression, particularly through GRU-linked Advanced Persistent Threat (APT) groups such as Sandworm (APT44) and APT28. Sandworm, she revealed, is “right now, as we’re in this room, targeting and continuing to work towards targeting the electrical institutions and organizations across Europe.” 

Meanwhile, APT28 is, “disrupting logistics lines going to Ukraine.” 

Adding to the mix, Joyce highlighted the public-facing nature of Russian sabotage campaigns: “The thing that strikes me is those smiling faces, the disruption, and that they’re so proud of the sabotage that they’re so willing to put out to everybody else.” 

She explained that this hybrid warfare strategy blends cyberattacks with physical sabotage, targeting critical infrastructure while amplifying pro-Russian narratives to weaken NATO cohesion and destabilize Ukrainian morale. 

The North Korean Threat: IT workers as cyber proxies 

The speech took an unexpected turn as Joyce delved into North Korea’s evolving cyber operations. “What’s interesting is that these IT workers are stealing credentials online and getting themselves hired at Fortune 500 companies,” she said. 

These operatives use false identities to infiltrate international organizations, posing both a financial and security risk. As Joyce explained, “This insider threat… represents both a financial risk and a security risk.” 

One startling example detailed an individual managing 12 fake identities simultaneously to gain access to companies in both Europe and the United States. The FBI’s recent investigations revealed the scale of the problem, but as Joyce warned, “Now that it’s becoming more known in the United States, now they’re shifting their focus to Europe.” 

AI: A double-edged sword 

The surge of artificial intelligence (AI) technologies has become a focal point in cybersecurity conversations. While AI offers promising tools for defense—such as anomaly detection and malware analysis—adversaries are also harnessing its potential. 

Joyce shared examples of AI-enabled deepfakes and phishing attacks: Threat actors are using AI to create better spear-phishing tools, better content to do research.” 

However, she emphasised that, so far, AI hasn’t yet revolutionised cyber offence: “We have not yet seen a real AI usage that would surpass what a normal human can do.” She urged defenders to capitalise on this window of opportunity: “We need to take this moment where the innovation is still happening on the defender side.” 

Lessons from Ukraine: Resilience through cloud and continuity 

Reflecting on the lessons learned from the ongoing Russian invasion of Ukraine, Joyce emphasised the importance of cloud infrastructure in maintaining national sovereignty: “One lesson that was learned in Ukraine was that when these wipers were hitting… they were able to switch to cloud very quickly and maintain their sovereignty.” 

She lauded Estonia for its leadership in digital governance, describing the country as “kilometers ahead of everybody else.” 

Building the Cybersecurity Coalition 

As a closing note, Joyce urged for more robust public-private partnerships: “We don’t win this with just government or just industry… putting them together, we should be able to build a much more comprehensive picture.” 

She stressed the necessity of collaboration to protect critical infrastructure: “If you are in a room trying to solve for a threat… and the private sector isn’t there, we’re going to lose.” 

Staying ahead in a rapidly changing environment 

Closing her keynote, Joyce posed a stark challenge to attendees: “The regulatory environment, the threat environment…if we are not changing from inside to match the threats that are outside, we are not going to win what we’re doing.” 

Her message was clear: The threat landscape is growing more sophisticated, but with proactive collaboration and adaptive strategies, there is an opportunity to stay one step ahead. 


Read the complete article at From Moscow to Pyongyang: Cyber Threats Revealed by Sandra Joyce at the Tallinn Digital Summit 


This content has been produced in collaboration with a partner organisation through our Global Visibility Programme. Our programme helps companies and organisations boost their digital presence and strengthen the thought leadership of their experts. Find out more here.