The boundaries between geopolitical issues and cyber operations are becoming increasingly blurred, with various hacktivist, disinformation, and nation-state advanced persistent threat (APT) activities directly influenced by critical geopolitical tensions and conflict.

  • Hacktivism has emerged as a powerful tool in conflicts such as the Russia-Ukraine war and the Israel-Hamas war
  • Disinformation has become a key element in shaping public perception around global events like elections and wars
  • Nation-state APTs are intensifying both their cyberespionage and destructive activities, often collaborating with cybercriminals to afford ‘plausible deniability’

Our latest report, created using insights from open-source  data on the Silobreaker Intelligence platform, dives into various examples of threat actors and campaigns that are directly influenced by recent geopolitical events.

The evolution of hacktivism

For example, both the Russia-Ukraine war and Israel-Hamas war have seen heightened hacktivist activity, with numerous new groups emerging. Some groups have also formed alliances, while others are suspected of being government-sponsored, further raising concerns about the increasing scale, complexity and coordination of hacktivist campaigns.  A shift towards more destructive activity was also observed, indicating that hacktivist activity may no longer be purely motivated by ideological notions, but also monetary incentives.

The use of disinformation in key global events

Disinformation was also very prominent throughout 2024 in relation to ongoing conflicts globally, but also in relation to elections, likely due to the number of elections that took place globally. Artificial intelligence (AI) plays a particularly important role in modern disinformation campaigns, with many leveraging AI to create fake news articles that push divisive narratives, provoke international tensions and fuel conflict. The role of disinformation during wartime and election periods highlights the growing overlap between cyber and geopolitics, revealing how digital tools are used to manipulate narratives and influence global perceptions.

State sponsored activity by APTs

Finally, state-sponsored activity by APTs is a defining feature of modern geopolitics. Compared to cybercriminals, these actors are well-funded and sophisticated, making them a more challenging threat. Espionage continues to be a common aim of nation-state APT activity, but more destructive attacks have also been observed, with the use of wiper malware and ransomware seen throughout the Russia-Ukraine and Israel-Hamas wars. Compared to kinetic attacks, cyberattacks are often near impossible to attribute to a specific country, especially in cases of collaboration with known cybercriminal groups.

The examples discussed in the report demonstrate the need for a cross-disciplinary approach when dealing with intelligence. Nowadays, it is essential for cyber threat intelligence teams to look at the larger strategic picture and also incorporate geopolitical intelligence into their day-to-day, otherwise major threats to their organisation may be missed.

A copy of the full report is available here. If you would like to know more about how Silobreaker can help your organisation in achieving this, please get in touch here.