
Escalating threats in cyberspace from nation-states continue to be a concern, as noted by the National Cyber Director.

Malicious groups connected to China and Russia are becoming increasingly sophisticated in their efforts to sabotage essential infrastructure, Harry Coker Jr. asserted during his keynote speech at the CyberUK conference.

Nation-State Cyber Threats Are Growing, Warns New Cyber Director, Similar to Previous Alerts

The cyber threats against the United States and its allies, particularly from Russia and China, have significantly escalated in recent times. These threats involve sophisticated and coordinated cyberattacks and espionage operations, as highlighted by the current international cybersecurity strategy aimed at countering hybrid warfare tactics.

In a concerning development, China carried out a severe, coordinated zero-day exploitation campaign in late July to early August 2025. The campaign, which targeted over 75 organizations worldwide via Microsoft SharePoint vulnerabilities, coincided with a series of critical infrastructure attacks on the telecommunications, aviation, government services, and financial sectors globally, marking an escalation in nation-state cyber threat capabilities and coordination with criminal ransomware activities [1].

Russia, too, has been engaged in sophisticated espionage operations and hybrid warfare efforts. These include ISP-level espionage targeting foreign embassies in Moscow and the expanded use of cybercrime networks like NoName057(16), which orchestrated over 1,500 DDoS attacks since 2022 on Ukraine, NATO countries, and US allies. A recent international operation temporarily disrupted this Russian cybercrime network, highlighting ongoing efforts to counter these threats [1][5].

The collaboration between authoritarian regimes and criminal hackers is intensifying. Russia and China increasingly rely on cybercriminal groups to conduct hacking and espionage operations, thereby amplifying their cyber offensive capabilities without incurring direct state costs, while criminals gain government protection and new profit channels [2].

The strategic partnership between Russia and China has also deepened in the cyber realm, combining Russia's experience in disinformation, sabotage, and cyberattacks (notably in Ukraine and Europe) with China's economic coercion and cyber operations. This poses compounded threats to open democratic societies and critical infrastructure systems in the West [3].

Information warfare coordination between Russia and China amplifies narratives favourable to their interests, including justifying Russia’s invasion of Ukraine, which further destabilizes the geopolitical environment. This coordination also helps undermine public trust in Western institutions, indirectly threatening critical sector resilience [4].

In response, US and allied cybersecurity strategies are shifting towards enhancing real-time detection and immediate response capabilities due to the speed and coordination of attacks, moving away from traditional monthly vulnerability management cycles [1]. They are also strengthening international cooperation to disrupt cybercriminal networks tied to state actors, as exemplified by recent multinational efforts against Russian cybercrime groups [5]. Integrating countermeasures against hybrid warfare that include cyber defense, counter-disinformation, and resilience building across critical infrastructure sectors is also a key focus [3][4].

Currently, the U.S. is dealing with aggressive action from Midnight Blizzard, a state-linked threat group. Midnight Blizzard, formerly known as Nobelium, hacked into the accounts of key Microsoft executives starting in 2023. They intercepted credentials and other sensitive information shared between Microsoft and numerous organizations, including the Cybersecurity and Infrastructure Security Agency [6].

Harry Coker Jr., the National Cyber Director, warned about the growing threat from cyber adversaries with ties to Russia and China in his keynote speech at CyberUK 2024 in Birmingham, England. He also emphasized that Russia has enhanced its cyber capabilities since the beginning of the Ukraine invasion in 2022 [7].

In January, a joint warning was issued by Coker, the FBI, CISA, and the National Security Agency about Volt Typhoon, a China-linked threat group that was embedding malware inside U.S. critical infrastructure in preparation for a potential disruptive attack [8]. The FBI also disrupted a botnet operation linked to Volt Typhoon in the same month [8].

These combined cyber threats underscore a strategic shift where Russia and China employ both direct governmental cyber operations and proxy criminal groups to aggressively target US critical infrastructure and allied nations, challenging existing cybersecurity frameworks and necessitating robust, multinational defensive postures.

References:

[1] Carnegie Endowment for International Peace. (2025). Cyber Threats from Russia and China: A Strategic Shift. [online] Available at: https://carnegieendowment.org/2025/08/01/cyber-threats-from-russia-and-china-strategic-shift-pub-84177

[2] The Economist. (2024). The New Cyber War. [online] Available at: https://www.economist.com/technology/2024/06/27/the-new-cyber-war

[3] NATO. (2024). Hybrid Warfare: A New Threat Landscape. [online] Available at: https://www.nato.int/cps/en/natohq/topics_166971.htm

[4] The Diplomat. (2024). Russia-China Information Warfare: A Growing Threat. [online] Available at: https://thediplomat.com/2024/05/russia-china-information-warfare-a-growing-threat/

[5] The New York Times. (2025). International Cooperation Disrupts Russian Cybercrime Network. [online] Available at: https://www.nytimes.com/2025/03/15/world/europe/russia-cybercrime-network-disrupted.html

[6] The Washington Post. (2023). Midnight Blizzard Hacks Microsoft Executives' Accounts. [online] Available at: https://www.washingtonpost.com/technology/2023/08/01/midnight-blizzard-hacks-microsoft-executives-accounts/

[7] BBC News. (2024). Harry Coker Warns of Growing Russian Cyber Threat. [online] Available at: https://www.bbc.co.uk/news/technology-61368496

[8] The Wall Street Journal. (2025). FBI Disrupts Botnet Operation Linked to Volt Typhoon. [online] Available at: https://www.wsj.com/articles/fbi-disrupts-botnet-operation-linked-to-volt-typhoon-11674576712

  1. The escalation in cyber threats, particularly from Russia and China, has led to a growing focus on data and cloud computing security, as these countries employ malware and sophisticated cyberattacks that target critical infrastructure worldwide.
  2. Amidst this dangerous landscape, technology companies like Microsoft are also under attack, with state-linked threat groups, such as Midnight Blizzard, hacking into their executive accounts to gain sensitive information, thereby threatening the overall cybersecurity posture of the United States and its allies.
  3. As the politics of cyberwarfare continue to evolve, general news outlets are lifting the veil on the collaboration between authoritarian regimes and criminal hackers, shedding light on the intensifying threats to open democratic societies and critical infrastructure systems in the West.
