Threat Essentials Blog

Taliban Takeover: evaluating the impact on the cyber threat landscape

With the Taliban returning to power in Afghanistan the global security community is hastily re-evaluating the physical security situation for both the region and the globe in light of these strategically surprisingly event.

But what impact will the Taliban’s take-over of Afghanistan have on cyber security?

Potentially, nothing. 

However, of all the possible future scenarios all set within a globally connected cyber landscape, nothing happening is possibly the most unlikely scenario. Instead, there are multiple possible futures that the Taliban victory could create.

Even before recent events, there have been cyber security specific incidents linked with Afghanistan. This is hardly surprising given that the Internet has been accessible by around 10% of the Afghan population for at least the past decade, and the previous government had sought to digitally enable much of the administration of the government - even reaching the development milestone of establishing a national CERT in 2009 and publishing a National Cyber Security Strategy for the country in 2014. This connectivity has bought with it the almost inevitable targeting from cyber espionage actors linked to states such as the Peoples Republic of China;  but as of yet there is not an obviously-visible cyber crime or hacktivist scene emanating from the country.

What is apparent is that, even in the chaos of the Coalition withdrawal, the new Taliban government of Afghanistan has inherited a functioning cyber infrastructure.

The question is: What happens next?

Although there are an infinite number of possibilities in answer to this question, two theoretical lenses to view the issue through are as follows:

  1. The effect of the Taliban victory on the wider Islamist hacking scene
  2. Cyber threat emanating from Afghanistan

Addressing both in turn.

The effect of the Taliban victory on the wider Islamist hacking scene

Islamist-related hacking activity is of course nothing particularly new. The conflicts over the last two decades in Syria, Iraq and Afghanistan have seen a flood of cyber-related activity from low-tech recruitment of foot soldiers for these conflicts via social media, to the more hi-tech activities of groups such as the Cyber Caliphate.

TE Threat

Fig. 1: Historical image of the Cyber Caliphate Twitter feed


Although many of these groups are now defunct, what they do show is that there is a consistently stable and globally-distributed body of technically-enabled individuals who are keen to progress hacking- and cyber enabled operations on behalf of Islamist causes. Within this context, the Taliban victory in Afghanistan is hugely encouraging for the global Islamist cause, especially after the initial stunning success of ISIS, followed by the group’s total defeat (at least in conventional military terms) in Iraq circa 2019. As such, it’s a realistic possibility that we may see a global renewal of interest in Islamist causes off the back of  the Taliban’s success.

The quantifiable cyber security impact of this renewed interest can be hinted at via The Staircase to Terrorism, a model developed by social scientist Fathali M. Moghaddam.  Moghaddam’s Staircase (visually represented below) proposes a theory of how individuals move through six phases towards an ultimate act of physical violence. At each stage, or in Moghaddam’s analogy “step on the staircase” the individual rejects the conventional status quo of their lives, becomes more deeply engaged with the alternative world proposed by the terrorist group they are identifying with, and edges closer to committing more acts of protest and violence. 

Moghddams Staircase

Fig. 2: Moghaddam's Staircase


The relevance of Moghaddam’s Staircase is that the volume of individuals on each of the steps decreases at each phase, hence explaining why although hundreds of thousands of  individuals may sympathise with a political cause, only a handful ever participate in political violence in support of that cause. Cyber action sits at a low level on Moghaddam’s Staircase due to the low level of commitment/ consequences for the individual of this type of action. This low consequence of cyber actions also means that the pool of individuals willing to participate at this level of the Staircase is potentially huge.

With interest and confidence swelled by the Taliban’s victory and the potential impact of cyber activity never more apparent post-Colonial Pipeline hack, there is now a very real chance of the Taliban’s victory inspiring a new wave of Islamist-inspired hacking activity.


Cyber threat emanating from Afghanistan

Much more of a wildcard scenario is some form of hacking scene developing within a Taliban controlled Afghanistan. To many this may seem a ridiculous suggestion however, the Taliban of 2021 is very different to the group that was deposed by the US led Coalition after the events of 9/11. The Taliban of 2021 have been hardened by twenty years of intense warfare that has forced the group into a cycle of competitive adaptation and learning. This newer more hi-tech Taliban is evident in their elite foot soldiers -  the so called Badri 313 unit - that bares many of the hallmarks of a modern highly capable special operations unit. While Badri 313 appear to be confined at this juncture to purely physical operations, their existence does show that the Taliban are capable of developing and maintaining operational sophistication.

Looking to the future, cyber operation may be a highly viable way for a Taliban governed Afghanistan to continue to project power. One hypothetical scenario is that the Taliban are successful in normalising relations with the wider global community - and at this point this would certainly be the strategy that the Taliban seem to be pursuing. If they were successful in achieving this goal, then overt sponsorship of terrorist and insurgent groups within the borders of Afghanistan may become undesirable for the Taliban leadership. Within this eventuality, cyber operations, with their high level of deniability could be a “best of both worlds” scenario for the Taliban in that they can continue to normalise relationships on a global stage while still actively supporting global Islamist causes.

Using the Cone of Plausibility analytical methodology Threat Essentials has examined how the scenario of an Afghanistan-based, and Taliban-backed cyber capability may develop over the next 12-18 months. This short piece has attempted to dissect the variables that could shape the cyber landscape in the coming 12 to 18 months.

Cone of Plausability

Fig. 3: Cone of Plausibility analysis for the development of an Afghan-based cyber capability

Although Figure 3 communicates many points about future possible scenarios, it is important to point out that there are many assumptions around such as dynamic situation. One realistic possibility for Afghanistan is a freefall descent into civil war and a return to a warlord/tribal-centric society that reigned after the Soviet withdrawal from the region in the 1980’s. Within this scenario, maintaining any kind of functional telecommunication infrastructure, let alone cyber capability, would be next to impossible. However, if this worst-case scenario did not transpire then there are usually possibilities for how an Afghanistan-based cyber capability could develop.

One particularly wild card scenario comes from greater involvement in Afghanistan on the part of the Peoples Republic of China (PRC). Although the PRC’s engagement with Afghanistan has been limited there is a school of through that the PRC will support the Taliban government if only for the commercial opportunities that this would bring. This opens the door for possible sponsorship by the PRC of an Afghanistan-based cyber capability. This may seem preposterous at this point; however, it should be noted that the PRC has historically supported the North Korean regime in developing its own cyber capability.

What can we conclude?

Now is the moment to think outside of the conventional box in regard to the future of Afghanistan. Only weeks ago, the possibility of the Taliban returning to power within ten days of a Coalition withdrawal from Afghanistan appeared to be a wildcard scenario. However, reality has dictated the outcome of these events.

Within the realm of cyber power, it was once thought impossible for states like Iran to develop a credible cyber capability. However, just as with events in the physical world, so unexpected developments can, and do, arise.