While the US and its Five Eyes allies often accuse Russia and China of crimes in the cyber domain, one US expert worries that lesser known actors might actually be of greater, immediate concern, according to a report by Mark Pomerleau at Fifth Domain.

“The biggest challenge is we focus too much, especially according to the [National Defense Strategy], on great powers. I think the most cyber activity we’re seeing now is minor or middle powers: UAE, Qatar, Philippines, Vietnam,” said Brandon Valeriano, chair of Armed Politics at the Marine Corps University and a member of the US Cyberspace Solarium Commission.

“That’s where the evolution of cyber conflict really is. I’m worried too much about our great power politics focus. I think we need to think a bit better about the realities of conflict,” he said.

Valeriano, speaking during a panel at CyberCon 2019 Nov. 12, suggested that Russia and China may not be the top cyberthreats.

The 2018 National Defense Strategy was the Department of Defense’s attempt to shift the focus away from counterterrorism operations, such as missions in Afghanistan, to more sophisticated threats from Russia and China, the Fifth Domain reported.

Cyber has been a way for smaller and less powerful groups to achieve their national interests without making major defense investments. North Korea has used it to flout sanctions and fund military projects by stealing money via hacks.

Iran, and its Middle Eastern neighbors, have engaged in cyber spats in recent months.

“In the Middle East, it’s becoming a playground of active operations where many different organizations and countries are able to start putting this into practice. [They are] moving from research and development into operations,” Sergio Caltagirone, vice president of threat intelligence at Dragos, told Fifth Domain.

The goal of many of these operations, he added, is to reduce the influence of other actors in the region, to manipulate oil prices or markets, or to send a message about their intent.

Valeriano explained that war with a country such as Russian and China doesn’t appear to be on the horizon. More likely, however, is an event that escalates in Syria or the Persian Gulf.

“These are the things that are ongoing,” he said. “These are the things we need to worry about.”

According to a report this week in Forbes, the Iranian hacking group behind a Microsoft Outlook attack earlier this year that prompted a US Cyber Command warning is back in the news.

The US has warned of an increasing threat from Iran as tensions escalate in the Gulf. Iran doesn’t have the same level of cyber weaponry used by threat groups in Russia and China, but it has proven very adept at attacks on civilian and critical infrastructure — targets that are less hardened than government or military agencies.

Now a report from Trend Micro has exposed the use of a dedicated virtual private network by one “aggressive” Iranian hacking group to hit targets while keeping its activities secret, Forbes reported.

The group in question is APT33, also referred to as Elfin. Best known for the Shamoon attack on Saudi Aramco, APT33 is responsible for other targeted attacks on the oil and gas industry in the US and Middle East, as well as hacks on various parts of the security industry.

Trend Micro reports that APT33 has honed its methods to attack the oil and gas industry, as well as a variety of seemingly unrelated targets that one can assume have arisen as a result of tasking from Teheran, Forbes reported.

Although APT33’s malware attacks this year have included “a private American company that offers services related to national security, victims connecting from a university and a college in the US, a victim most likely related to the US military, and several victims in the Middle East and Asia,” the group always returns to its core oil and gas focus.

And these attacks have become “more aggressive,”comprising “a big risk to companies in the oil industry, as APT33 is known to use destructive malware.”