Cybersecurity is inseparable from geopolitics. Ongoing conflicts, sanctions, trade wars, geoeconomic rivalry, and technological competition have pushed state competition into cyberspace. States use cyber operations to exert pressure on rivals, enabling disruption without resorting to conventional weapons.
Infrastructure vulnerabilities in a geopolitical context
72% of IT leaders worry that nation-state cyber capabilities could tip into a full-scale cyberwar, and that critical infrastructure would be hit hardest.
Although the cause was not a cyberattack, the large-scale power outage on the Iberian Peninsula showed how serious the consequences of similar disruptions could be in the future.
President Donald Trump hinted that the United States used its cyber capabilities to cut power in Caracas during the operation that captured Venezuela’s leader, Nicolás Maduro, representing a rare public acknowledgment of cyber activity linked to military action.
The ability of one state to cut another’s electricity or water supply puts civilians at risk alongside military infrastructure, a concern reflected in several recent incidents across Europe.
Sonia Kumar, Senior Director of Cyber Security at Analog Devices, said: “It is difficult to know how prepared smart grids are to withstand a coordinated multi-staged cyberattack, and I wouldn’t like to guess. We can, however, look back to the attack against the Ukrainian power grid in 2016 to learn some valuable lessons. That nation-state sponsored cyberattack caused a power grid to go down for about six hours and left over a million people without power.”
In 2025, Russian hackers took control of a Norwegian dam and opened a floodgate, allowing water to flow for several hours before the intrusion was discovered, Norway’s intelligence service said. Later that year, Poland disclosed an attempted disruption of its power grid that brought the country close to a blackout before the incident was contained.
Officials and analysts often link such incidents to the EU’s support for Ukraine in the war against Russia. The conflict has widened divisions with Moscow and has been followed by rising tensions and more hybrid activity, including drone incidents near European airports and coordinated disinformation efforts.
Disinformation and the battle for public perception
Disinformation campaigns are shifting fast. AI-generated content, especially short videos built for social media, now reaches large audiences in a short time. This material often feeds political tension. Several hours after the arrest of Venezuela’s president, false images appeared online that purported to show him in the company of security agents.
State actors, political operatives, and interest groups use disinformation to shape public opinion during conflicts and elections, applying psychological and social pressure to mislead audiences and widen divisions. From Kyiv to Moscow, and from Washington to Beijing, propaganda and media manipulation have become standard tools in contemporary conflicts.
By controlling information at home and spreading false narratives abroad, authoritarian regimes seek to influence democratic states, with Russia playing a prominent role in disinformation linked to geopolitical disputes.
In recent years, propaganda linked to Russia’s sphere of influence has focused on content aimed at discrediting European Union politicians, with particular attention on Ukraine’s president. Ongoing tensions between the US and Denmark over Greenland have been accompanied by false claims targeting Danish political figures.
Large protests are underway in Iran. Authorities have tightened control over communications infrastructure through internet shutdowns and traffic filtering. These measures limit access to independent information and create conditions that allow manipulated content to spread.
Reports circulated that even Starlink services had been shut down, but additional information indicates the system has remained available during the protests. Officials continue to post online, and the state-run media agency IRIB has published a list of websites that remain accessible to the public.
State involvement in cyber activity
Russia
Russia is often described as a major hub for ransomware gangs. These groups target organizations, encrypt sensitive data, and demand ransom payments, usually in cryptocurrency, in exchange for decryption keys. Some analysts say Russian authorities have tolerated parts of this ecosystem, though the extent of any official involvement remains difficult to determine.
Iran
Iran has frequently used cyber operations in response to perceived political pressure, targeting U.S. institutions, allied private companies, and municipal systems. These actions have included website disruption, data destruction, ransomware campaigns against municipalities, and attempted interference with infrastructure. Iran’s cyber activity combines state-directed operations with criminal tactics, providing Tehran with additional means to apply pressure during periods of tension.
North Korea
North Korean cyber groups continue to combine espionage with financially driven activity.A recurring tactic involves infiltrating organizations through remote work arrangements, with operatives posing as legitimate IT workers. They have also carried out large-scale cryptocurrency thefts targeting exchanges and blockchain platforms, generating billions of dollars to fund the regime in Pyongyang.
China
China’s cyber activity is most often linked to espionage and long-term intelligence gathering rather than direct financial gain. Chinese state-aligned groups have been associated with campaigns targeting government agencies, technology firms, and critical industries, with the aim of accessing sensitive data, intellectual property, and strategic information.
Cyber sovereignty reshapes security planning
Governments and organizations treat resilience as a matter of sovereignty and self-reliance tied to control over infrastructure, data, and supply chains, according to the World Economic Forum’s Global Cybersecurity Outlook 2026.
During 2025, economic uncertainty and geopolitical instability intensified global cyber risk and reduced predictability for threat planning. Political tensions and trade disputes are reshaping alliances and technology dependencies, contributing to fragmentation across digital ecosystems.
Many public and private entities are reassessing reliance on foreign technology providers and global cloud platforms due to concerns about jurisdiction, data protection, and supply chain exposure.
These concerns are beginning to shape concrete decisions. Amazon has made the AWS European Sovereign Cloud generally available, with infrastructure, operations, and governance structured to meet regional legal and policy requirements.
The start of 2026 points to continued global instability with direct implications for cybersecurity. In response, geopolitical risk must be incorporated into organizational security strategy and investment planning.