Cyber Threats: Challenges and Implications for International Security

From state-sponsored operations to financially motivated crime and the rise of AI – some predictions concerning the threats of 2025

The last five years have been very intense in terms of cyber operations. With a significant annual increase in the number of devices, networks, and systems of all kinds, new technologies that often emerge faster than populations can adapt to them, and a very unstable geopolitical situation, cyber threats are undoubtedly taking on increasing importance in the landscape of threats to the security of States.

Although cyberattacks do not currently have the same impact as physical attacks such as missiles and armed drones, their frequency is much higher, and their impact on populations and governments can be just as damaging over the medium to long term. Based on the trends of recent years, here are the main predictions concerning cyber threats that will significantly impact the national security of States in 2025.

State-Sponsored Cyber Operations

State-sponsored activities have impacted global security and stability in recent years, with a significant increase in cyberattacks for disruption, espionage, and disinformation purposes. Several states, including China, Iran, and North Korea, are often accused of being behind aggressive and sophisticated offensive cyber operations, primarily against Western countries.

China: Chinese cyber operations have been characterized for several years by a focus on economic espionage, intellectual property theft, and military advantage. Chinese state-sponsored groups such as APT41 and Hafnium have demonstrated sophisticated capabilities to infiltrate networks across a variety of sectors, including defense, technology, and healthcare.

The country’s cyber activities often align with national priorities, such as improving technological and military capabilities. Risks include persistent threats to proprietary commercial information, supply chain disruptions, and exploitation of critical infrastructure vulnerabilities. The widespread use of zero-day exploits and advanced malware underscores the need for heightened vigilance and robust defenses. In 2025, China will probably continue to pursue a very aggressive cyber operations policy, particularly against Taiwan and the United States.

Russia: Russia is one of the major cyber actors, with operations mainly focused on political interference, espionage, and military objectives. State-sponsored groups such as Fancy Bear (APT28) and Cozy Bear (APT29) have conducted high-profile campaigns, such as the SolarWinds supply chain attack and U.S. election interference efforts. Russian cyber activities frequently involve disinformation campaigns, ransomware, and sophisticated intrusion techniques to undermine trust in institutions and destabilize adversaries. 

Since the beginning of the war against Ukraine, Russia has launched a huge number of cyberattacks against Ukraine and its Western allies. In 2025, the country will continue its cyber operations, which will become more complex and difficult to detect. The risks posed by Russian cyber operations are global, impacting governments, businesses, and critical infrastructure, with significant geopolitical and economic consequences.

Iran: Iran’s cyber operations are often oriented toward regional influence, political retaliation, and weakening adversaries. Iranian groups, such as APT33 and APT34, have a history of deploying wiper malware, ransomware, and spear-phishing campaigns. These operations often target the energy sector, financial institutions, and government agencies. Iran’s evolving cyber arsenal also includes disruptive attacks against industrial control systems, which pose significant risks to critical infrastructure. 

While less technically advanced than those of China or Russia, Iranian operations are opportunistic and can cause significant damage, particularly to adversaries with weaker cybersecurity defenses. Since the beginning of the war between Israel and Gaza, Iran, in cooperation with certain cyber groups, has continued to launch cyberattacks against Israeli targets. The geopolitical context in the Middle East means that in 2025, Iran will probably continue to develop its cyber arsenal and will certainly lead multiple campaigns of cyberattacks and influence against Israel, which is also a friend of certain Western countries.

North Korea: North Korea’s cyber operations are primarily motivated by financial gain and regime survival. Groups such as Lazarus Group and Kimsuky focus on generating revenue through cybercrime, including cryptocurrency theft, ransomware attacks, and financial fraud. The country also engages in espionage activities targeting South Korea, the United States, and Japan. 

Despite limited resources compared to other nation-states, North Korea focuses on asymmetric cyber tactics that have proven highly effective, with operations such as the Sony Pictures hack and the WannaCry ransomware attack demonstrating its ability to cause large-scale disruption. The risk lies in its unpredictable and aggressive approach, which often indiscriminately targets public and private entities. In 2025, North Korea is expected to continue and potentially intensify its cyber operations, building on the significant activities observed last year.

For some time, these countries have been entering into security agreements at the military and cyber levels. These cyber activities also contribute to the increase in already high geopolitical tensions. State-sponsored cyber activities often result from political, strategic, and military decisions. In 2025, we can expect increased cyber espionage, disruption, and disinformation activity from the countries mentioned earlier.

The interplay between technological advances and state-sponsored risks underscores an urgent need for increased international cooperation, with cybersecurity and intelligence-sharing agreements and diplomatic strategies to address this growing cyber threat landscape.

Ransomware and Financially Motivated Cybercrime

Cybercrime is considered one of the greatest threats to national security, as it compromises critical systems, disrupts economic stability, and endangers government and civilian interests. Cybercrime is not just a technical challenge but a strategic and societal threat, requiring a coordinated and resilient response at all levels. In 2025, the ransomware and cybercrime landscape is expected to evolve further, driven by the emergence of new technologies, geopolitical tensions, and increasing sophistication of attackers. 

Over the past decade, ransomware attacks have evolved significantly in terms of threat actors, modus operandi, and attack vectors. Ransomware is arguably one of the greatest cybercrime threats, if not the greatest. Ransomware attacks are among the most disruptive and damaging cyber threats for many governments and private entities. With ransom demands far exceeding the cost of development, ransomware attacks are very lucrative for cybercriminals. 

There are many ransomware groups, but a limited number of groups with varying consistency carry out most attacks. Moreover, ransomware as a service has been proliferating for several years on the dark web, making ransomware a more widespread and accessible cyber weapon for many cybercriminals who are not ransomware specialists.

Use of AI for social engineering and fraud

In addition to ransomware, the coming year will likely see a surge in other cyberattacks that leverage artificial intelligence. Advances in AI and data analytics have enabled cybercriminals to craft highly personalized and convincing social engineering attacks. Deepfake and text-to-speech technologies are commonly used to deceive individuals, leading to significant unauthorized access and financial fraud. Finally, malicious actors' use of AI for malware development poses significant risks, as it can create more sophisticated, adaptable, and harder-to-detect threats.

The challenges in terms of cyber threats are numerous. While threat actors are very often one step ahead of security authorities, governments will have to try to reverse the trend in the coming years through better anticipation and management of cyber threats, whatever they are, using artificial intelligence and other useful technologies in the fight against ever more numerous and sophisticated cyber threats.
