Start your day with intelligence. Get The OODA Daily Pulse.

Home > Analysis > What Happens if China, Iran, and Russia Form a Cyber Tripartite?

Recent reporting reveals that ties between Russia and Iran have tightened to the point where Russia is now Iran’s chief military patron.  This is extremely worrisome, especially for Washington that has seen the war in Ukraine push its traditional rivals closer together.  This military relationship has been categorized as unprecedented, with Tehran delivering military supplies like ammunition and drones, with the possibility of even providing ballistic missiles in the future in exchange for cooperation in joint drone production and Russia-provided technology.  Naturally, concerns over Russia supplying Iran with nuclear-related materials to spurn its nuclear weapons program have surfaced, putting at risk any hope of a deal between the United States and Iran over its nuclear ambitions.  Collaboration between two U.S. rivals threatens to prolong the war in Ukraine, while providing a heavily sanctioned Iran economic and defense support at a time where the United States’ attention is diverted elsewhere.

Naturally, this growing relationship raises questions about whether it will extend to a more formal engagement between Moscow and Tehran with respect to the cyber domain, an area where both could benefit from closer collaboration.  According to one prominent news source, Russia has already supplied Iran with surveillance and other equipment to facilitate intelligence gathering, as well as hidden cameras, and even lie detectors.  Furthermore, there is speculation that Moscow may also have provided Tehran sophisticated software that enabled Iranian authorities to hack into the phones of political oppositionists and dissidents in 2022, allowing them to alter, disrupt, and monitor how they used their phones.  Though this advanced technology appears to be more surveillance-focused as opposed to sophisticated disruptive or destructive malware, it nevertheless shows the willingness of these authoritarian regimes to share advanced cyber tools and equipment. 

These developments are not so surprising as Tehran and Moscow have engaged in some level of cyber cooperation in the past.  Both governments signed a formal information and cyber agreement in 2021, creating the opportunity to coordinate their cybersecurity activities.  Though details were scarce, the agreement appeared to focus on cyber defense rather than offense, an acknowledgement that both needed to reduce reliance on foreign technology, as well as increase their awareness of the activities of advanced state threats like the United States operating in cyberspace.  This agreement had roots in a similarly themed 2015 accord where the two governments agreed to collaborate on cyber defense issues to include intelligence sharing and interactions against common cyber threats.  While at many times such agreements can be largely ceremonial endeavors, they ultimately provide the basis from which to expand areas of mutual benefit in cyberspace.

China adds an interesting twist to these developments with Beijing strengthening its own relations with both Russia and Iran as the United States tries to contain Beijing’s global aspirations.  China and Russia have already deepened their ties, with the improvement of China-Iran ties underscored by the Iranian presidential visit to China and the brokered Iran-Saudi Arabia peace deal.  With respect to Iran, in 2019, Beijing and Tehran officials publicly stated their commitment to countering perceived U.S. cyber hegemony and stressed cooperation to address such threats.  In January 2022, both governments penned a 25-year comprehensive strategic cooperation agreement in which cybersecurity was a featured component that included China’s assistance in creating an internal Internet in Iran.  Though all signs suggest the China-Iran cyber relationship has not yet evolved into the same level of cooperation that has fostered the Russia-Iran one, it has set important precedent that could be cultivated further should both sides consider it to be in their interests to do so.  

Ultimately, this scenario begs the question if a workable tripartite cyber agreement is possible between China, Iran, and Russia.  One think tank believes that such an axis in any capacity is an illusory endeavor, assessing that each of these authoritarian governments have been typically driven by bilateral commitment “followed by modest trilateral coordination” in the best of circumstances.  While this may be true for many diplomatic/economic areas, the state and nonstate international cyber cooperation that has materialized in support of Ukraine has shown to those observing it that the efforts of a notable cyber power like Russia can be mitigated via offensive and defensive collaboration.  And this should bear on Beijing whose desire for Taiwan reunification is the type of geopolitical event that would catalyze the international community in support of Taiwan, particularly in cyberspace.  Recently, the U.S. Congress proposed the Taiwan Cybersecurity Resilience Act, which would mandate the Pentagon to bolster its “outreach” and collaboration with Taiwan.  It is not lost on Beijing that this would invariably involve U.S. Cyber Command “hunt forward” operations as well.

The more Western countries band together to combat a common foe like is happening in Ukraine with NATO and the United States supplying cyber support, the more isolated regimes may look for opportunities to team up as well.  The United States and its allies are often included in global cyber power rankings, a listing that uses a methodology that considers a multifaceted approach to criteria ranking.  When collaborating, already robust individual state capabilities are magnified.  And if Ukraine has survived the onslaught of Russian cyber attacks thus far, one wonders how Kyiv would have born against Russia in a one-on-one cyber war engagement, and if Ukraine’s ability to identify, mitigate, and remediate attacks would have been as successful as it has been without international assistance.  And if what is happening in Ukraine is a harbinger of how future conflicts could draw in other states to provide cyber help and assistance, then pariah countries like Iran, North Korea, and Russia could look to each other for similar assistance against the type of cyber hunt operations the United States and its allies conduct. Given that the aforementioned cyber power ranking also listed China, Russia, and Iran in the top ten list, robust intelligence-sharing and joint operations among these governments could prove a viable counter to these operations. 

While this may seem a pipe dream, strange things happen when adversaries are underestimated.  Furthermore, isolation only pushes ostracized countries closer together, where they are compelled to find alternatives to the Western mainstream (e.g., the motivations for establishing BRICS and the Shanghai Cooperation Organization).  If perceptions are that Western countries will come together to unite cyber efforts against Russia, is it that much of a surprise that the more Russia falls into the kinetic and cyber crosshairs of the United States and NATO, the more willing Moscow may be to provide its allies with cyber weapons to level the cyberspace playing field?

International support has proven so far to be effective in protecting a country in peril.  However, that type of cooperation can extend to adversaries as well.  Unfortunately, this “taking sides” and “partnering up” runs the risk of escalating a local conflict into a more global cyber war where allies in cyberspace fight, even though they may not provide physical support to their preferred side in a kinetic conflict.  Already, there has been spillover in cyberspace with respect to the Ukraine war with other countries being targeted with non-lethal though damaging cyber attacks because of their allegiances.  If China, Iran, and Russia form a cyber tripartite in which each will come to the other’s defense in cyberspace, they have the combined potential capability and resources to present a substantial show of force, and one that will undoubtedly rally the West to follow suit in an effort to match.

This is perhaps the worst-case scenario when discussing what cyberwar could look like – a cyber equivalent of a NATO-Warsaw Pact stand-off featuring mutual assistance, cyber defense, and cyber arms building.  The longer cyber treaties and norms of behavior remain elusive, and the more state and nonstate actors are folded into the mix, the more even the most innocuous of geopolitical conflicts could quickly bring in parties to the cyber front.  And unlike kinetic conflict, cyber engagement is less costly and more enduring.  Good decision makers know that history repeats itself.  Let’s hope that they recognize the signs and change course direction before the world finds itself fully entrenched in a cyber Cold War.

Emilio Iasiello

About the Author

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.