Introduction

In 2024, geopolitical tensions have profoundly impacted the cybersecurity landscape, leading to a significant rise in state-sponsored advanced persistent threat (APT) attacks and hacktivism [2] [4], particularly targeting critical infrastructure [1]. This escalation is largely driven by ongoing global conflicts, with Europe and the Asia-Pacific regions experiencing the most substantial increases in cyber incidents.

Description

Geopolitical tensions in 2024 have significantly influenced the cybersecurity landscape, resulting in a marked increase in state-backed advanced persistent threat (APT) attacks and hacktivism targeting critical infrastructure [1]. Reports indicate a substantial rise in incidents, with a notable 58% annual increase in APT attacks. Europe has seen the largest surge, accounting for 18% of these incidents, primarily driven by ongoing conflicts such as the Russia-Ukraine war [2] [4]. The government and military sectors remain the most targeted, comprising 16% of incidents, followed by manufacturing at 5% [2] [4].

Hacktivism has also escalated, particularly in the Asia-Pacific (39%) and Europe (36%) regions, with Ukraine emerging as a primary target in Europe, representing 17% of total hacktivist activities [2] [4]. The government and military sectors again faced significant threats, with 6% of incidents directed at them, while manufacturing accounted for 4% [2] [4]. Notably, hacktivist groups like CyberArmyofRussia_Reborn (CARR) have exploited vulnerabilities in internet-exposed operational technology (OT) devices, demonstrating that even basic techniques can lead to substantial disruptions [1].

The collaboration between state-sponsored groups and cybercriminals has become increasingly evident, with groups such as KAMACITE and ELECTRUM actively targeting critical infrastructure in Ukraine [1]. KAMACITE has used the Kapeka backdoor to compromise Ukrainian entities, while ELECTRUM has worked alongside hacktivists to obscure its operations [1]. Additionally, the VOLTZITE threat group has focused on exfiltrating OT-related data and leveraging compromised infrastructure to target critical sectors [1].

The use of ICS-specific malware, including Fuxnet and FrostyGoop, has been observed as a strategic tool in ongoing geopolitical conflicts, with significant implications for the broader OT/ICS community [1]. Fuxnet has been linked to disruptions in industrial sensors, while FrostyGoop has caused heating outages in Ukraine [1]. This normalization of attacks on industrial devices by various threat groups underscores the increasing risks faced by ICS asset owners and operators [1].

Conclusion

As the frequency of these attacks rises [3], there is a pressing need for enhanced cybersecurity measures. Organizations are urged to improve visibility and monitoring of OT environments, conduct thorough attack surface analyses, and strengthen incident response plans to mitigate vulnerabilities and protect critical infrastructure from both state-backed and hacktivist threats [1]. The ongoing collaboration between state and non-state actors raises concerns about the transfer of knowledge and capabilities, enabling non-state actors to target industrial control systems effectively [3]. The future of cybersecurity will depend heavily on proactive measures and international cooperation to address these evolving threats.

References

[1] https://cdotimes.com/2025/02/25/ransomware-state-actors-hacktivists-exploited-geopolitical-tensions-to-target-critical-infrastructure-in-2024-industrialcyber/
[2] https://www.infosecurity-magazine.com/news/geopolitical-tension-fuels-apt/
[3] https://cyberscoop.com/dragos-ot-ics-annual-report-states-collaborating-with-private-hacking-groups/
[4] https://ciso2ciso.com/geopolitical-tension-fuels-apt-and-hacktivism-surge-source-www-infosecurity-magazine-com/