UK Cyber Chief Warns Russia, Iran and China Behind Most Serious Cyberattacks
The head of the UK's National Cyber Security Centre has issued a stark warning that hostile nations, including Russia, Iran, and China, are now responsible for the most serious cyberattacks targeting the United Kingdom. In a speech delivered on Wednesday, Richard Horne emphasised that British businesses must urgently prepare to defend against large-scale cyber threats, particularly if the UK becomes embroiled in international conflicts.
Geopolitical Shifts and Escalating Threats
Richard Horne, who leads the NCSC—a division of the UK's signals intelligence agency GCHQ—described the current era as "the most seismic geopolitical shift in modern history." He cautioned that the UK could face targeted cyberattacks "at scale" in conflict scenarios, making it imperative for organisations to bolster their defences. The NCSC currently manages approximately four "nationally significant" cyber incidents each week, with state-sponsored attacks posing the gravest risk despite ransomware remaining more common.
Sophisticated State-Sponsored Operations
Horne detailed the advanced tactics employed by hostile nations. He noted that China's intelligence and military agencies demonstrate an "eye-watering level of sophistication in their cyber operations," while Iran is "almost certainly using cyber activity to support the repression of British individuals on our streets who are seen as a threat to the regime." Meanwhile, Russia has refined techniques from its war in Ukraine, extending them beyond the battlefield through "sustained Russian hybrid activity" targeting the UK and Europe.
Incident Statistics and Government Response
UK Security Minister Dan Jarvis revealed that the NCSC handled over 200 nationally significant incidents last year—more than double the previous year's figure. Speaking at the CyberUK conference in Glasgow, Jarvis warned that hostile states often avoid direct confrontation, instead "quietly hollowing us out" by hacking logistics systems or compromising businesses. He cited a cyberattack on Jaguar Land Rover that impacted economic growth, likening it to physical vandalism at car dealerships.
European Infrastructure Under Attack
Recent months have seen a surge in cyberattacks on critical infrastructure across Europe, with authorities in Sweden, Poland, Denmark, and Norway attributing incidents to Russian-linked hackers. Examples include:
- A cyberattack on a Swedish heating plant last year, linked to a pro-Russian group with ties to Russia's security services.
- Coordinated attacks in Poland on combined heat and power plants, affecting nearly 500,000 customers, as well as wind and solar farms.
- A hack in Norway affecting water flows from a dam in April 2025, and an attack on a Danish water utility in 2024 that left homes without water.
These are among more than 155 disruption incidents—including arson, sabotage, and espionage—linked to Russia or its proxies since the invasion of Ukraine in 2022.
The Role of Artificial Intelligence
Jarvis highlighted that AI is exacerbating cyber threats by enabling adversaries to identify system vulnerabilities "faster than any human team can patch them." He called for collaboration between AI companies and the UK government to develop tailored programs that enhance the nation's cyber defences, stressing the need for proactive measures in an increasingly digital landscape.
Urgent Call for Resilience
Horne emphasised that in conflict situations, companies cannot simply pay ransoms to recover data, unlike with typical ransomware attacks. Every organisation must therefore comprehend the "full extent" of its risk and improve its cyber defences preemptively. He urged businesses to learn from how cyber operations have been used in conflicts in order to boost their own resilience. The UK is navigating a precarious space between peace and war, as MI6 head Blaise Metreweli noted in December.
This warning comes amid a broader pattern of cyber aggression, with European officials reporting attacks on German air traffic control, attempts to access Signal and WhatsApp accounts of officials and journalists, and exploits targeting internet routers by hackers linked to Russian military intelligence. The collective message is clear: the UK must fortify its cyber infrastructure against an evolving and sophisticated threat landscape.



