
Quantum Risk Explained: What, When, How?

The emergence of cryptographically relevant quantum computers (CRQCs) poses a critical threat to modern public-key encryption. Threat actors are already conducting 'Harvest Now, Decrypt Later' (HNDL) operations to intercept and store long-lived sensitive data, necessitating immediate organizational planning for post-quantum cryptography (PQC) migration and cryptographic agility.

Confidence: high | Analyzed: 2026-05-07 | Google
Actors: Chinese state-sponsored threat actors, China Telecom

Source: Recorded Future

Detection / Hunter: Google

What Happened

Quantum computers are advancing and will eventually be powerful enough to break the encryption that currently protects our digital lives. Anyone with sensitive data that needs to stay secret for years—like governments, healthcare providers, and businesses—is at risk because hackers are already stealing and storing encrypted data today to unlock it later. This matters because once the encryption is broken, the exposed data cannot be secured again, leading to severe privacy and security breaches. Organizations should start preparing now by taking inventory of their current encryption methods and planning a transition to new, quantum-safe security standards.

Key Takeaways

  • Cryptographically relevant quantum computers (CRQCs) will eventually break current public-key cryptography like RSA and ECC.
  • Threat actors are already executing 'Harvest Now, Decrypt Later' (HNDL) attacks to store encrypted data for future decryption.
  • Quantum computing combined with AI will accelerate vulnerability discovery and brute-force attacks against weak encryption.
  • Organizations must begin post-quantum cryptography (PQC) migration planning and establish cryptographic agility by 2026 to avoid compressed timelines.

Affected Systems

  • Public-key cryptography (RSA, ECC, Diffie-Hellman)
  • Internet communications (TLS, VPNs, SSH)
  • Identity and access management systems
  • Industrial and IoT systems
  • Software supply chains

Attack Chain

State-sponsored threat actors intercept encrypted network traffic using techniques like large-scale BGP routing manipulation. The intercepted encrypted data is stored in long-term storage facilities. Once cryptographically relevant quantum computers (CRQCs) become available, the actors will use them to break the public-key encryption and access the plaintext data.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No specific detection rules are provided, as the article focuses on strategic cryptographic risks rather than tactical indicators.

Detection Engineering Assessment

  • EDR Visibility: None — The primary threat described (HNDL) relies on passive network interception and BGP hijacking, which occur outside the visibility of endpoint detection and response tools.
  • Network Visibility: Medium — Network monitoring can detect anomalous routing changes (like BGP hijacking) or massive unexpected data exfiltration, though the data itself remains encrypted.
  • Detection Difficulty: Very Hard — HNDL attacks involve passive collection of encrypted data, often at the ISP or backbone level, making it nearly impossible for the targeted organization to detect the interception directly.

Required Log Sources

  • BGP routing logs
  • NetFlow/IPFIX
  • Network IDS/IPS logs

Hunting Hypotheses

Hypothesis: Threat actors are manipulating BGP routes to redirect and intercept encrypted traffic for long-term storage.
Telemetry: BGP routing tables, NetFlow data
ATT&CK Stage: Collection
FP Risk: Medium

Control Gaps

  • Lack of visibility into ISP-level routing
  • Reliance on quantum-vulnerable public-key cryptography

Key Behavioral Indicators

  • Unexpected BGP route changes
  • Unusual volumes of encrypted traffic routed through foreign infrastructure

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Establish a comprehensive cryptographic inventory across applications, infrastructure, and third-party dependencies.
  • Identify long-lived sensitive data that requires protection against future quantum decryption.
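The two steps above (inventory the key exchange in use, then rank systems by how long their data must stay secret) can be combined into a simple HNDL-exposure triage. The following is an added example, not code from the original article or from Recorded Future; the sample inventory, the status labels, and the assumed horizon values (years until a CRQC, years the migration will take) are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Key-agreement algorithms whose hardness assumption (factoring or discrete log)
# falls to Shor's algorithm on a cryptographically relevant quantum computer.
SHOR_BREAKABLE = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "X25519", "X448", "P256", "P384", "P521"}
# Post-quantum KEMs. A hybrid such as X25519MLKEM768 counts as safe: the ML-KEM
# half keeps the session secret even after the X25519 half is broken.
PQ_SAFE_KEX = {"MLKEM512", "MLKEM768", "MLKEM1024", "X25519MLKEM768", "SECP256R1MLKEM768"}

@dataclass
class InventoryItem:
    system: str
    key_exchange: str            # e.g. "ECDHE-X25519", "RSA", "X25519MLKEM768"
    data_shelf_life_years: int   # how long the protected data must stay confidential

def _tokens(name):
    return {t for t in re.split(r"[-_/ ]", name.upper()) if t}

def kex_is_quantum_vulnerable(key_exchange):
    toks = _tokens(key_exchange)
    if toks & PQ_SAFE_KEX:       # any PQ component, pure or hybrid, protects the session
        return False
    return bool(toks & SHOR_BREAKABLE)

def hndl_exposure(item, years_to_crqc, migration_years):
    # Mosca-style check: traffic recorded between now and the end of migration stays
    # readable once a CRQC exists, so it is exposed if the data is still sensitive then.
    if not kex_is_quantum_vulnerable(item.key_exchange):
        return "ok"
    if item.data_shelf_life_years + migration_years > years_to_crqc:
        return "exposed"         # harvested today, readable while still sensitive
    return "migrate-later"       # still needs PQC, but data expires before a CRQC arrives

def prioritize(inventory, years_to_crqc, migration_years):
    """Rank systems: exposed first, widest margin over the horizon first."""
    order = {"exposed": 0, "migrate-later": 1, "ok": 2}
    ranked = []
    for item in inventory:
        status = hndl_exposure(item, years_to_crqc, migration_years)
        margin = item.data_shelf_life_years + migration_years - years_to_crqc
        ranked.append((status, margin, item.system))
    return sorted(ranked, key=lambda r: (order[r[0]], -r[1], r[2]))

# Constructed sample inventory; system names and values are illustrative only.
SAMPLE_INVENTORY = [
    InventoryItem("patient-records-api", "ECDHE-X25519", 25),
    InventoryItem("legacy-vpn", "RSA", 10),
    InventoryItem("session-cache", "ECDHE-P256", 1),
    InventoryItem("pq-pilot-gateway", "X25519MLKEM768", 25),
]

if __name__ == "__main__":
    for status, margin, system in prioritize(SAMPLE_INVENTORY, years_to_crqc=10, migration_years=5):
        print(f"{status:14} {system:22} margin={margin:+d}y")
```

Note that signature algorithms are deliberately left out of this triage: a future forgery of today's RSA or ECDSA certificates does not decrypt traffic recorded today, so for HNDL exposure the key exchange is what matters, while signatures still belong in the broader migration inventory.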

Infrastructure Hardening

  • Design systems for cryptographic agility to allow algorithm replacement without architectural redesign.
  • Monitor BGP routing for unauthorized changes or hijacking attempts.

User Protection

  • Ensure secure build pipelines and code-signing infrastructure are prioritized for post-quantum migration.

Security Awareness

  • Educate leadership and boards on quantum risk as a strategic planning issue.
  • Require critical suppliers to provide credible, time-bound PQC transition roadmaps.

MITRE ATT&CK Mapping

  • T1040 - Network Sniffing
  • T1557 - Adversary-in-the-Middle