FEATURES OF MODERN STATE-SUPPORTED CYBEROPERATIONS AS A NEW FORM OF INTERSTATE CONFRONTATION
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1116Keywords:
interstate confrontation in cyberspace; cyber operations in support of states; pro-state cybercriminal groups; cyber mercenary; cyber extortion; cyber attributionAbstract
The study showed that during 2020-2025, the scale of cyberattacks carried out by states or cyber groups loyal to them increased significantly, and the methods and approaches to their implementation evolved significantly, marking the beginning of a new stage of interstate conflicts in the global digital space.
The main features of cyberattacks in support of states were identified. Like cyberincidents organized by other entities, cyberattacks by nation states are characterized by asymmetry, latency, and hybridity. The motives for malicious cyber activity by states include intelligence and espionage, economic competition and the struggle for control over resources, disruption of infrastructure, and manipulative information and psychological influence (IPI). In addition to traditional methods, states use new methods that were not previously inherent to them: cyber extortion, illegal cryptocurrency transactions, and the introduction of remote workers into competing countries.
It was found that the four leading states of illegal cyber activity include China, the Russian Federation, Iran and North Korea. Their cyberoperations have a predominantly geopolitical connotation and are aimed at increasing influence over territorially neighboring countries, with the exception of the United States. The main targets of cyber operations in support of states were IT, education and research, government systems, analytical institutions and NGOs, critical infrastructure facilities and supply chains of IT products and services.
Nationally oriented cyber actors continue to improve cyberattack methods, using automation tools, cloud infrastructure and remote access technologies, quickly exploiting unpatched vulnerabilities and actively implementing AI to make cyberattacks larger, more effective, more difficult to track, and also cheaper.
An important feature of modern state criminal activity in cyberspace is the convergence of efforts of national actors and cybercriminal groups. By providing cyberattack services, developing spyware and hacking tools, states not only strengthen and reduce the cost of their cyber efforts, but also ensure the possibility of their identifying and establishing responsibility.
Recently, the volume and importance of state cyber IPI operations have increased, which, through the use of AI tools, in particular the creation of synthetic analogues of leading online news media and the use of deepfakes, ensure the effective manipulation of public opinion and the dissemination of desired propaganda narratives in competing countries and at the international level.
It was observed that national actors are increasingly introducing remote insiders into companies of “hostile” countries, primarily to gain access to intelligence data and espionage, as well as to introduce malicious software, extortion and sabotage in the workplace.
The study showed that only in half of cases of cyberattacks, including those supported by states, their true organizers have been identified, which is a consequence of the difficulties of cyber attribution – the process of tracking the identification of the perpetrator of a cyberattack, as well as the imperfection and non-compliance by states with the norms of international cyberspace law.
The authors emphasized that a deep understanding the prerequisites and specifics of state-sponsored cyber operations will contribute to solving the problems of their detection and counteraction peacefully and within the framework of international law.
Downloads
References
The Rising Threat of State-Sponsored Cyber Warfare. 2024. ERMA. URL: https://surl.li/iygmto
2025 Threat Landscape Report. Cognite. URL: https://engage.cognyte.com/s/c8036aeb/?page=2
Jones, Seth G. The New Cyber Wars. The American Edge: The Military Tech Nexus and the Sources of Great Power Dominance. New York, 2026; online edn, Oxford Academic, 20 Nov. 2025. URL: https://academic.oup.com/book/60904/chapter-abstract/538760999?redirectedFrom=fulltext
Microsoft Digital Defense Report 2022. Microsoft. URL: https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2022
Microsoft Digital Defense Report 2025. Microsoft. URL: https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/
Microsoft Digital Defense Report 2024. Microsoft. URL: https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2024
2025 Data Breach Investigations Report. Executive Summary. Verizon. URL: https://www.verizon.com/business/resources/reports/2025-dbir-executive-summary.pdf
Cyber Operations Tracker. Council on Foreign Relation USA. URL: https://www.cfr.org/cyber-operations/#OurMethodology
Significant Cyber Incidents Since 2006. Center for Strategic and International Studies. URL: https://csis-website-prod.s3.amazonaws.com/s3fs-public/2025-11/251114_Significant_Cyber_Incidents.pdf?VersionId=GZ0fl_iuR1WJplsXUf9NzVAHHP7KspWy
Brown, G. D. (2020). State Cyberspace Operations Proposing a Cyber Response Framework. Royal United Services Institute for Defense and Security Studies. URL: https://static.rusi.org/rusi_pub_184_op_strategic_military_operations_final_web_version.pdf
MсGuire, M. (2021). Nation States, Cyberconflict and the Web of Profit. HP Wolf Security. (30 p). URL: https://threatresearch.ext.hp.com/wp-content/uploads/2021/04/hp-bps-web-of-profit-report_APR_2021.pdf
Юртаєва, К. (2022). Кібернайманство: феноменологічний аналіз та проблема правової оцінки. Юридичний науковий електронний журнал. 4. (сс. 345-348). https://doi.org/10.32782/2524-0374/2022-4/82
Павлюх, О., Санжарова, Г. (2024). Атрибуція злочину як критично важлива проблема кібербезпеки. Юридичний науковий електронний журнал. 9. (сс. 303-306). URL: https://surl.lt/aauvzq
Fleck, A. (2024). Who’s Behind Cyber Attacks? Statista. URL: https://www.statista.com/chart/31805/countries-responsible-for-the-largest-share-of-cyber-incidents/
Ribeiro A. (2025). Hacktivists, state-sponsored groups step up cyberattacks targeting manufacturing operations and OT systems. Industrialcyber. URL: https://industrialcyber.co/manufacturing/hacktivists-state-sponsored-groups-step-up-cyberattacks-targeting-manufacturing-operations-and-ot-systems/
Top 10 Supply Chain Attacks of 2025. SOC Radar. URL: https://socradar.io/blog/top-10-supply-chain-attacks-2025
Zero-day Vulnerability Database. Zero-Day tracking project. URL: https://www.zero-day.cz/database/
The growing cyber threat: Ransomware, China, and state-sponsored attacks. February 18, 2025. Gzero. URL: https://www.gzeromedia.com/global-stage/munich-security-conference/ransomware-china-and-state-sponsored-attacks
Vicens, AJ. Chinese hackers are increasingly deploying ransomware, researchers say. June 26, 2024. CyberScoop. URL: https://cyberscoop.com/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say/
Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea. November 4, 2025. Heimdal. URL: https://heimdalsecurity.com/blog/ransomware-payouts-russia-china-north-korea/
Grigera Naón, C. Iran Used $2 Billion in Crypto to Run Its Militant Proxies in 2025 January 10, 2026. Yahoo Finance. URL: https://surl.lu/jefeyu
Crime. Chainanalysis. URL: https://ww.chainalysis.com/blog/category/crime/
Stanham L. AI-Powered Cyberattacks. January 16, 2025. Crowdstrike. URL: https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/ai-powered-cyberattacks/
How Microsoft names threat actors. Microsoft. URL: https://learn.microsoft.com/en-us/unified-secops/microsoft-threat-actor-naming
Antoniuk, D. Russian disinformation network’s infrastructure is spread across Europe, report says. July 11, 2024. Therecord. URL: https://therecord.media/doppelganger-disinformation-infrastructure-european-companies
Wu, D. Assessing China’s Cognitive Warfare against Taiwan on TikTok. October 8, 2025. SPF. URL: https://www.spf.org/spf-china-observer/en/document-detail064.html
Q2 2023 Adversarial Threat Report. Meta. URL: https://www.politico.eu/wp-content/uploads/2023/08/29/NEAR-FINAL-DRAFT-Meta-Quarterly-Adversarial-Threat-Report-Q2-2023.pdf
Defending Against State-Sponsored Cyberattacks in 2025. ISA Global Cybersecurity Alliance. URL: https://gca.isa.org/blog/defending-against-state-sponsored-cyberattacks-in-2025
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Тетяна Мужанова, Світлана Легомінова, Тетяна Капелюшна, Юрій Щавінський, Михайло Запорожченко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
