State Cyber Power and Hybrid War
How States and Intelligence Services Use Cyber Operations in Broader Geopolitical and Hybrid Conflict
In today's interconnected world, cyber operations have evolved from isolated acts of cybercrime into powerful instruments of statecraft, embedded within broader strategies of hybrid warfare. Governments and intelligence agencies leverage offensive and defensive cyber tactics to shape regional security, influence global perceptions, and coerce adversaries, often operating covertly to maintain plausible deniability. This complex landscape underscores the importance of understanding how cyber capabilities are integrated into broader geopolitical conflicts, especially as technological advancements accelerate and new threats emerge.
The Integration of Cyber Operations into Hybrid Warfare
States increasingly incorporate cyber tactics into comprehensive hybrid strategies that combine cyberattacks, disinformation campaigns, kinetic military actions, and economic coercion. These multifaceted operations aim to destabilize opponents, influence political outcomes, and safeguard national interests without resorting to outright warfare.
Persistent Hybrid Tactics in Europe and Beyond
For example, Russia continues to wield a blend of cyber, informational, and kinetic tactics across its neighboring regions. Persistent sabotage campaigns, disinformation efforts, and cyber intrusions serve to weaken political stability and sow discord. These operations are conducted with a high degree of sophistication, often involving covert infrastructure and clandestine channels, making attribution challenging and responses complex.
Similarly, in the Middle East, Iran-backed cyber groups have intensified their operations against regional rivals, including Israel and Saudi Arabia. Reports suggest Iran’s cyber units are becoming more sophisticated, deploying malware and social engineering tactics that are harder to detect and counter. Iran’s cyber activities are often synchronized with kinetic and diplomatic pressures, creating a layered hybrid threat environment.
China’s Covert Cyber Warfare Strategy
China’s approach exemplifies the use of clandestine hacker units operating under plausible deniability. Analyses such as "How China Turned Hackers Into Cyber Weapons" reveal that Chinese cyber forces often conduct espionage, sabotage, and disruptive activities globally while maintaining the veneer of criminal enterprises or independent actors. These operations utilize covert channels and false flag tactics, enabling China to project power without direct attribution and to complicate international responses.
Cyber Operations Targeting Ukraine and Critical Infrastructure
The ongoing conflict in Ukraine illustrates how cyber operations are synchronized with kinetic military actions. Cyberattacks on Ukraine’s energy grid, for instance, have been used to weaken the country’s resilience ahead of missile strikes or ground assaults. Such operations exemplify the seamless integration of digital and physical domains in modern hybrid warfare, aiming to undermine civilian infrastructure and strategic assets.
Evolving Threat Vectors and Strategic Shifts
Ransomware and Data Theft as Strategic Tools
While ransomware attacks surged by approximately 50% in 2025, threat actors are increasingly shifting their focus toward strategic data exfiltration and double extortion schemes. Groups like Qilin are less motivated by immediate ransom payments and more interested in leveraging stolen data for political or strategic purposes. Critical sectors, particularly private-sector organizations and small businesses, are prime targets because of their weaker defenses and higher payout potential.
Supply Chain Vulnerabilities and Zero-Day Exploits
Cyber adversaries exploit vulnerabilities in supply chains and operational technology (OT). The recent discovery of the Cisco SD-WAN zero-day vulnerability (CVE-2024-10938) exemplifies how zero-day exploits can cascade across networks, potentially causing widespread disruption. Malicious code embedded within supply chain software—such as moneytigo OVRI—can compromise entire systems, risking physical damage and safety hazards within industrial control systems (ICS).
Threats to Critical Infrastructure
Operational technology and critical infrastructure remain high-value targets. Cyberattacks on energy grids, transportation networks, and healthcare facilities demonstrate the tangible consequences of vulnerabilities. For example, a cyberattack at the University of Mississippi Medical Center caused an 11-day disruption, highlighting how cyber vulnerabilities can directly threaten public safety and essential services.
Defense and Response: The Rise of Autonomous and Collaborative Platforms
In response to escalating threats, nations and private sector entities are adopting advanced defense mechanisms, including AI-powered autonomous systems and international collaboration:
- Unified Agentic Defense Platforms (UADP): These AI-enabled systems integrate multiple layers of cyber defense, allowing real-time threat anticipation, automated responses, and coordinated actions across networks. They represent a paradigm shift from reactive to proactive security, essential against rapid and sophisticated cyber adversaries.
- International Intelligence-Sharing Initiatives: Organizations like Ampcus Cyber's CISO Intelligence Council facilitate cross-border threat intelligence sharing, emphasizing that cyber threats are transnational. Countries such as Australia and the UAE exemplify proactive defense with layered cybersecurity practices and rapid incident response protocols.
- Private Sector Initiatives: Companies like Cloudflare are investing heavily in threat intelligence, aiming to become cybersecurity data powerhouses. Their push to aggregate and analyze global threat data enhances collective defenses and enables faster identification of emerging threats.
Long-Term Resilience Measures
Investments in cryptographic technologies, such as Post-Quantum Cryptography (PQC), are underway to prepare for future threats posed by quantum computing. PQC aims to safeguard digital communications against potential decryption capabilities of quantum machines, ensuring long-term security.
Recent Developments and the Future Outlook
The threat landscape continues to evolve rapidly with the proliferation of AI-driven Ransomware-as-a-Service (RaaS) platforms, deepfake-enabled influence operations, and hybrid campaigns that combine cyber intrusions, disinformation, and kinetic actions. These innovations increase the complexity of modern conflicts, demanding integrated responses across multiple domains.
Strategic Shift from Ransom to Data Leverage
Cybercriminal groups are shifting their focus from immediate ransom payments toward data theft and strategic extortion, aiming to leverage stolen information for political or economic gains. This shift is partly a response to law enforcement crackdowns on traditional ransomware, which have pushed adversaries toward long-term influence campaigns.
The Role of Deepfakes and Influence Operations
Deepfake technology is increasingly used to produce convincing false communications, undermining trust and manipulating public opinion. Such influence operations can destabilize political discourse and amplify misinformation, posing a significant challenge for democracies and institutions.
Current Status and Implications
Cyber operations are now woven deeply into the fabric of international conflict, with states employing offensive and defensive tactics to safeguard interests and project power. The increasing sophistication of AI tools, quantum computing, and supply chain vulnerabilities amplifies the urgency for robust, coordinated responses.
Key implications include:
- The necessity for international cooperation and shared intelligence to counter transnational threats.
- The importance of public-private partnerships to bolster resilience, exemplified by initiatives like Cloudflare’s threat intelligence push.
- The critical need for long-term resilience investments, such as PQC, to protect future digital infrastructure.
As technology advances, so will the complexity of cyber-enabled hybrid conflicts. The strategic landscape demands vigilance, innovation, and collaboration—fundamentally shaping the future of international security in the digital age.