Bad actors around the world can use aerial systems not only to conduct direct surveillance of sensitive sites, but to coerce decision-makers through intimidation.
|
March 25, 2025 INSIDE THIS ARTICLE, YOU'LL FIND: |
The expanding use of drones in corporate espionage is materializing as a major threat to companies in 2025 and beyond. Organizations are highly vulnerable to drone-assisted espionage as drone countermeasures continue to lag novel implementations of unmanned aerial systems (UAS). To prevent both state and non-state actors from compromising decision-making, assets, and intellectual property (IP), companies must implement counterintelligence and detection measures while carefully navigating the compliance risk of an anachronistic regulatory space.
Inexpensive drones that are easy to replace and hard to stop are redefining the modern battlefield. In combat, they are widely employed both for intelligence and as guided munitions, showing impressive results. However, the ubiquity of drones extends far beyond the military realm. UAS are increasingly appearing in a myriad of commercial sectors and in places that they are not supposed to. Last year in the United States (U.S.), there were nearly 1.2 million unauthorized UAS violations, with drones illegally flying over events and venues 12,624 times (8% YoY increase), power plants 13,325 times (18% YoY increase), and correctional facilities 14,499 times (42% YoY increase).
Consumer drones present attractive vehicles for various bad actors engaged in activities from terror attacks to corporate espionage. It is exceedingly easy for an individual to buy a drone and fly it over a military base, as was the case at Vandenberg Air Force Base in November 2024. Even for the military, shooting that drone down proved to be difficult. While recent progress is being made, advanced militaries and law enforcement still cannot reliably counter drones. At this stage, it is nearly impossible for private citizens or companies to counter the threat posed by drones legally. Without a clear solution, there is little disincentive for state and non-state actors alike to continue using drones for malicious ends, including corporate espionage.
This post is adapted from Global Guardian’s 2025 Worldwide Threat Assessment. For more information on this and other global threats, download the latest Worldwide Threat Assessment.
Drones in Corporate Espionage
While the most acute threat posed by drones to any organization remains physical attacks, the next drone threat is corporate espionage. Bad actors can use aerial systems not only to conduct direct surveillance of residential, commercial, or industrial sites, but also to coerce decision-makers through intimidation by surveillance. In addition, drones can be used for infiltration, using ‘nearest neighbor’ cyber-attacks, where physical proximity to a digital network can be exploited to attack weak points in a firm’s cyber defenses.
Surveillance and Coercion
In 2019, China’s Huawei and Sweden’s Ericsson were in close competition over a EUR €200 million contract for Denmark’s TDC to upgrade its telecommunication network to 5G. As part of a multipronged espionage effort, Huawei used drones on at least two occasions to surveil and intimidate TDC staff.
Huawei had worked with TDC since 2013, supplying and servicing equipment for prior 3G and 4G networks. In 2019, however, Ericsson made a substantially lower final bid. Before TDC’s executives reached a decision, Huawei beat Ericsson’s bid in an eleventh-hour revision to their offer. The timing of the revision and the similarity of Huawei’s new figure to Ericsson’s bid set off an internal investigation at TDC. Ericsson’s bid was confidential information only known to about a dozen high-ranking personnel at TDC. The security team suspected an insider threat, hacking, eavesdropping, or a combination thereof. The investigation quickly confirmed two of their suspicions. Huawei had used cultivated insiders to ascertain Ericsson’s bid information and was also eavesdropping on the TDC investigation itself through microphones built into a boardroom’s teleconference system.
Finding its own offices compromised, TDC moved its investigation to a conference room belonging to Plesner, one of TDC’s legal partners. Plesner’s office came under an effective DDoS attack the same day. The night following the investigation’s relocation, a security guard observed a large drone illuminating the investigation room, where a whiteboard with the investigation’s timeline and key figures of interest had been left uncovered and facing the window.
In addition to gathering information, Huawei pressured TDC’s executive staff and the Danish government, including a letter to the Danish Prime Minister threatening to withhold or withdraw other Chinese investment in Denmark if Huawei lost the TDC contract. Multiple security team members reported suspicions that they were being followed and surveilled during the investigation by both people and drones. While celebrating the end of the investigation, the firm’s CEO and security team were observed by a large drone on the 17th floor of the Silo Hotel in Copenhagen before the drone descended to a white van which retrieved it and sped away.
While Ericsson was ultimately awarded the contract, and Huawei’s capabilities exceed those of most competitors, the TDC incident illustrates how drones are used on multiple levels to unduly influence major financial decision-making. In the TDC affair, the watchful eye of a UAS was pernicious on two levels. First, the drone’s operators observed confidential information they should not have. Second, simply watching the investigators fostered harmful distrust and paranoia within the upper echelons of TDC.
While Huawei combined the threat vectors of cyber, eavesdropping, insider threat, and drones, an unsophisticated actor could use drones alone to facilitate blackmail, virtual kidnapping, harassment, or simply to surveil executives. All a would-be attacker needs to harm a company is access to a drone and time.
Nearest Neighbor Hacks
A “nearest neighbor” hack is a cyberattack that relies on physical proximity to a targeted network. Conventionally, attackers need to be physically near their target. But drones negate the risks involved in attaining the requisite proximity for a nearest neighbor attack. A van parked outside an office can be picked up on CCTV or even interdicted by law enforcement. UAS allow attackers to maintain distance while pursuing this threat vector, lowering the risk and, in turn, making these attacks even more attractive.
In 2022, a financial company’s internal network was partially penetrated through a drone-assisted nearest-neighbor attack. The firm discovered unusual activity on its internal network. It traced the activity to a device using a remote employee’s network credentials to access the company’s Wi-Fi. However, the employee in question worked remotely, and their credentials were simultaneously used on a device at their home several miles away.
The security team followed the imposter signal to the roof using Wi-Fi detection equipment. There, the team found two commercially available DJI drones—a Phantom and a Matrice—modified to carry a Wi-Fi penetration tool (Wi-Fi Pineapple), a small laptop, batteries, and other devices.
The investigators found that one of the drones had been used days before to obtain the employee’s credentials from their home before being used to access the office’s internal network. The attack was successful in gaining partial access to the company’s Wi-Fi. The company’s security team believe the attackers were attempting to retrieve the drones when one was damaged, and the effort was abandoned.
If the attack had been conducted at a different time of day, or if the drones had been successfully recovered for another attack, the infiltration could have been much worse. This nearest neighbor attack demonstrates that the modifications that turn drones into kinetic weapons on the battlefield can just as easily be used to turn drones into weapons in cyberspace.
Military-Civil Fusion
The magnitude of the drone threat is partially due to the dual-usage crossover between civilian and military applications. Civilian demand for drones sustains a commercial UAS industry complete with research and development (R&D), manufacturing infrastructure, and private capital. Military demand for drones supercharges the commercial development cycle by directing and coordinating between multiple firms, creating reliable, long-term demand, and providing public funding. A virtuous cycle of economies of scale and rapid development follows.
The Chinese Communist Party (CCP) employs what is called “military-civil fusion” (MCF). MCF is the CCP’s strategy to develop the People’s Liberation Army (PLA) into a “world class military” by 2049. Under MCF, the CCP is systematically reorganizing Chinese industry to ensure that new innovations simultaneously advance economic and military development.
A prime example of MCF is China’s growing light shows, where over 10,000 light-bearing drones have been coordinated through a single network. These spectacular aerial displays rely on precisely the same network of enterprises and engineers developing military drone swarms for the PLA. The drone light show market in China alone was worth USD $363.72 million in 2024 and is projected to grow. Chinese drone companies—including DJI—have close state ties and dominate the commercial UAS space. DJI alone controls 80% of the U.S. market and 70% of global drone market.The Drone Threat of Tomorrow
The first use of quadcopters to drop munitions was likely conducted by Islamic State forces in 2016. Other actors in the region quickly adopted weaponized commercial drones, often using 3D–printed mechanisms to carry and drop ordinance. It took malicious actors at most six years to adapt this same practice but for cyberattacks.
Today, the cutting edge of drone development includes fully automated AI-directed UAS, drones disguised to look and fly like birds, and microdrones that can fit in the palm of one’s hand. AI-piloted drones offer actors the ability to automate attacks, greatly increasing the scale of the threat. Drones that look inconspicuous —like birds—could bypass and negate awareness and sensor systems. Microdrones are small enough to potentially gain access to a secure site by tail gaiting.
Countering the Threat
The use of UAS in corporate espionage is likely to increase in the absence of adequate civilian countermeasures. Until effective counter unmanned aerial systems (C-UAS) measures are developed and widely adopted, malicious actors have much to gain and little to lose in exploiting the efficacity gap between UAS and C-UAS. Closing this gap requires action at three levels: legal, technological, and organizational. Given the current pace of drone technological development, companies can expect to contend with some form of these threats by 2030.
Since drones are considered aircraft by the Federal Aviation Authority (FAA) in the U.S., downing them is a federal offense. Private citizens or organizations are not allowed to shoot down drones. The only U.S. entities permitted to intercept commercial drones are the Department of Homeland Security (DHS) and the Department of Justice (DOJ). Similar legal barriers are near-universally present in other jurisdictions. Drone jamming is also illegal due to air safety concerns. While many agencies are capable of catching small drones, their capacities are mostly concentrated on counter-terror operations. Realistically, companies facing a drone threat have only two options in the legal realm: alert law enforcement or appeal to elected representatives.
Other than reporting suspicious or illegal drone activity to local police and the FAA, there are steps organizations can take that fall short of “hard” or “soft” kill options. Fostering awareness of malicious UAS activity is something that private organizations can actively pursue. This can be done through drone monitoring services or by procuring on-site detection arrays. Remote warning systems monitor drone communication signals to identify and log data on drones within an area. On-site arrays use a combination of signals monitoring, cameras, and radar to track drones in the vicinity of the site in question.
Drones are most dangerous when used in conjunction with other attack vectors. Attempts by bad actors to penetrate corporate defenses are most successful when taking a “combined arms” [figure 5] approach that pairs cyber or traditional espionage with UAS assistance. Maintaining strong cyber, physical, and human security systems is the best approach to mitigating the threat presented by drones.
Key Takeaways
The gap between drone capabilities and counter-drone measures leaves companies vulnerable to various drone-augmented threats. In addition to new vectors of attack that rely wholly on drones, unmanned aerial systems also act as a force multiplier for cyber-attacks, insider threats, conventional surveillance, and coercion. Firms must adopt and implement effective technological solutions to the novel threats of drones and other modern threat vectors.
Standing by to Support
The Global Guardian team is standing by to support your security requirements. To learn more about our Duty of Care membership, as well as business continuity and emergency response planning services, complete the form below or call us at + 1 (703) 566-9463
