Guest Author: John Thompson, Austability Group
The digital battlefield has evolved into one of the most dangerous and consequential domains of modern warfare. State-sponsored cyber-attacks are no longer isolated incidents; they represent systematic, coordinated campaigns that threaten the very foundations of national security. Defence organisations worldwide face an unprecedented convergence of sophisticated adversaries, advanced attack techniques, and expanding vulnerabilities that demand immediate and comprehensive action.
The Escalating Cyber Warfare Crisis
The scale and sophistication of state-sponsored cyber warfare have reached alarming levels. Between January and September this year, researchers documented 167 attacks targeting the international defence ecosystem, with more than half being distributed denial-of-service (DDoS) attacks designed to overwhelm critical systems and interrupt operations. Data breaches accounted for nearly 38% of incidents, exposing confidential defence information and communications that compromise operational security and strategic advantage.
What makes these attacks particularly dangerous is their coordinated nature—a DDoS wave draws attention and resources while quieter intrusions extract classified data unnoticed, demonstrating long-term strategic planning rather than opportunistic chaos. More than 87% of IT decision-makers now express concern about cyberwarfare’s impact on their organizations, a dramatic shift from previous years when nearly half were unconcerned or indifferent. (media.armis.com)
Concrete Examples of State-Sponsored Threats
Recent operations illustrate the gravity of the threat. Salt Typhoon, a sophisticated Chinese state-sponsored actor, orchestrated what U.S. Senator Ben Ray Luján described as “the largest telecommunications hack in the US’ history.” The campaign targeted 80 global telecom providers across dozens of countries, with the White House confirming the operation’s sprawling scope in December 2024. A DHS memo revealed Salt Typhoon had “extensively” breached a U.S. state’s Army National Guard network, gathering administrator credentials and sensitive configuration data, with indications of broader penetration across all 50 states.
China’s Volt Typhoon campaign focused on infiltrating critical infrastructure networks, with Chinese officials reportedly admitting to conducting cyberattacks on U.S. infrastructure during secret bilateral meetings. Meanwhile, Iranian-linked hackers known as CyberAv3ngers have utilized tools like ChatGPT to exploit weaknesses in water systems, energy grids, and manufacturing facilities globally.
The targeting is both strategic and comprehensive, spanning telecommunications, energy, defence contractors, military agencies, and intelligence organizations across more than 35 countries.
Key Trends Reshaping the Cyber Warfare Landscape

Artificial Intelligence as a Double-Edged Sword: Almost three-quarters (74%) of IT decision-makers agree that AI-powered attacks significantly threaten their organization’s security. Russia, China, North Korea, Iran, and their proxies have integrated AI into cyberwarfare strategies, using large language models to enhance operations and erode trust in democratic institutions. AI enables automated malware development that dynamically alters itself to avoid detection, machine-generated phishing that enhances social engineering effectiveness, and autonomous network attacks that continuously scan for vulnerabilities without human intervention.
Advanced Persistent Threats (APTs): These stealthy, continuous hacking processes maintain access over extended periods, employ customised malware to bypass conventional security, and use sophisticated evasion techniques to remain undetected. The impact extends far beyond immediate data breaches, threatening economic stability, national security, and public trust.
Supply Chain Vulnerabilities: Nearly 60% of breaches originate from third-party vectors. Defence organisations depend heavily on vendors, CI/CD pipelines, and operational support systems, making supply-chain compromise a reliable entry point for sophisticated actors. [blog.checkpoint.com]

The Emerging Quantum Threat: Alongside current cyber threats, defence organisations are increasingly preparing for the emergence of quantum computing and its potential impact on modern encryption standards. While large-scale quantum capability may still be developing, the threat to traditional public-key cryptography is already shaping national cyber strategies.
Security agencies are warning of “harvest now, decrypt later” operations, where adversaries collect encrypted data today with the intention of decrypting it once quantum capabilities mature. For defence, intelligence, and critical national infrastructure organisations handling long-life sensitive information, this presents a significant strategic concern.
In response, the National Institute of Standards and Technology has introduced new post-quantum cryptography standards designed to resist quantum-enabled attacks, with allied governments and defence organisations now beginning the transition toward quantum-resilient encryption protocols.
Strategic Imperatives for Defence Organizations
The convergence of these threats demands fundamental shifts in how defence organizations approach cybersecurity. The U.S. Department of Defense’s Defense Industrial Base (DIB) Cybersecurity Strategy 2024 articulates this urgency, recognizing that “DIB companies, both large and small, are at risk of malicious cyber activities conducted by foreign adversaries, such as Russia, China, Iran, and North Korea.”
Mission Assurance Through Resilience: Defence organizations must move beyond prevention-only strategies and embrace resilience, designing systems that can withstand attacks and recover quickly while ensuring continuity of essential services. This requires comprehensive threat intelligence sharing between allies and industries, regular dark web monitoring, and human awareness training, because attackers exploit social engineering and leaked credentials.
Zero Trust Architecture: Traditional perimeter-based security models have proven inadequate against sophisticated nation-state actors. Defence systems require kernel-level zero trust solutions that architect inherent trust into systems rather than relying on external defences.
Proactive Cyber Deterrence: Strengthening cyber deterrence demands developing clear red lines defining unacceptable attacks, enhancing attribution capabilities to identify perpetrators definitively, and signalling response capabilities that impose costs on adversaries.
The Imperative for High-Assurance Platforms
Mission-critical defence operations cannot tolerate the vulnerabilities inherent in commercial-grade systems. High-assurance platforms—designed from inception with security, certification, and resilience at their core—provide the foundation necessary to operate in contested cyber environments. These platforms must deliver:
- Cryptographic protection with NSA-certified encryption for classified communications
- Formal verification of security properties through mathematically provable assurance
- Compartmentalization that isolates critical functions and limits lateral movement
- Continuous monitoring with real-time threat detection and automated response capabilities
- Supply chain integrity through verified components and secure development lifecycles
The US Department of Defense recognizes this imperative through its instruction on “Protection of Mission Critical Functions to Achieve Trusted Systems and Networks,” emphasizing that trusted systems form the foundation of military superiority in cyberspace.
Conclusion: An Existential Imperative
The cyber threat landscape has fundamentally transformed. As ThreatMon researchers concluded in 2025: “cyber warfare is not coming—it’s here.” The ability to defend against digital incursions now defines national strength as much as military power.
Defence organizations must recognize that technology alone is insufficient. Protecting tomorrow’s defence networks requires investing in resilience, intelligence, cooperation, and—critically—high-assurance platforms purpose-built for mission-critical operations. Every network is now a battlefield, and the adversaries are sophisticated, patient, and relentless. The time for action is not tomorrow—it is today.
This article was written by John Thompson, Austability Group, and lightly edited for clarity and additional context.
Bibliography
Armis. (2025). Warfare Without Borders: The 2025 Armis Cyberwarfare Report. Retrieved from https://media.armis.com/image/upload/v1744054933/cyberwarfare-2025.pdf
Barbosa, L. (2025, October 22). Cyber Warfare in 2025: State-Sponsored Threats Reshaping US Defense. Global Spotlight News. Retrieved from https://globalspotlightnews.com/cyber-warfare-2025-state-threats/
CISA. (2025). Cybersecurity Strategic Plan FY2024–2026. Retrieved from https://www.cisa.gov/sites/default/files/publications/CISA-Cybersecurity-Strategic-Plan.pdf
CISA, NSA, & Cyber Centre. (2025). BRICKSTORM Malware Used by People’s Republic of China State-Sponsored Actors. Cybersecurity Advisory. Retrieved from https://www.cisa.gov/news-events/news/brickstorm-malware-used-by-china
Independent. (2025, September 1). Salt Typhoon Hacks Declared National Security Crisis. Retrieved from https://www.independent.co.uk/tech/security/salt-typhoon-hack-national-security-crisis
Lohrmann, D. (2025, May 25). Midyear Roundup: Nation-State Cyber Threats in 2025. GovTech. Retrieved from https://www.govtech.com/blogs/lohrmann-on-cybersecurity/midyear-roundup-nation-state-cyber-threats-in-2025
Mohan, O., & Deskin, G. (2025, December 5). The Largest Telecommunications Attack in U.S. History: What Really Happened—And How We Fight Back. Check Point Blog. Retrieved from https://blog.checkpoint.com/security/the-largest-telecommunications-attack-in-u-s-history-what-really-happened-and-how-we-fight-back/
Tenable. (2025, January 23). Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor. Retrieved from https://www.tenable.com/blog/salt-typhoon-an-analysis-of-vulnerabilities-exploited-by-this-state-sponsored-actor
ThreatMon. (2025, October 9). A New Frontline: How Cyber Warfare Shaped the Military and Defense Landscape in 2025. Retrieved from https://threatmon.io/a-new-frontline-how-cyber-warfare-shaped-the-military-and-defense-landscape-in-2025/
U.S. Department of Defense. (2024). Defense Industrial Base Cybersecurity Strategy 2024. Retrieved from https://dodcio.defense.gov/Portals/0/Documents/Library/DIB-CS-Strategy.pdf