How Rising Geopolitical Tensions Trigger War in Cyber Space

Cybersecurity is not just about ransom or data loss or reputational damage – it is now a matter of national security. 

The shaking up of the geopolitical order under US President Donald Trump and the power struggle that ensued forced nations with lesser military ammunition to draw from their cyber war chest. 

The news of relentless cyber attacks and state-backed cyber operations aimed at espionage should be proof enough, but the 2026 State of Security Report released by Recorded Future more than validates these concerns. 

“Uncertainty is no longer episodic – it’s the operating environment,” says Levi Gundert, Chief Security & Intelligence Officer at Recorded Future. 

“As geopolitical norms weaken, state objectives, criminal capability and private-sector technology are increasingly reinforcing one another, compressing warning timelines and expanding plausible deniability. 

“AI is accelerating that dynamic not through autonomous attacks, but by scaling deception and eroding trust inside decision-making processes. 

“In 2026, cyber risk will be defined less by singular events and more by persistent, fragmented pressure that reshapes competition, escalation and stability over time.”

Geopolitical fragmentation and always on cyber war front 

In 2025, when Russia entered the fourth year of its full scale war with Ukraine, cyber emerged as a major front of war. 

The Recorded Future report states that: “Russian state-sponsored cyber threat actors maintained persistent pressure on Ukrainian and NATO-aligned critical infrastructure, particularly in the energy, logistics and communications sectors, to collect intelligence, map networks and position themselves for potential disruptive action.”

The Middle East was not unaffected by conflict in 2025, as the Iran-Israel power struggle demonstrated the damage done by mutual cyber warfare. 

South Asia had its share of conflicts, with the escalation of tensions between the nuclear armed India and Pakistan, after which covert cyber espionage operations followed – led by Pakistan’s APT-36, or Transparent Tribe, and India’s SideWinder group. 

Meanwhile, US operations under President Donald Trump – aimed at asserting dominance in the western hemisphere – is creating further geopolitical rifts.

Recorded Future's Insikt Group identified a rise in the activity of pro-Venezuelan influence operation network ION-69. The group criticises US operations in the months leading up to the arrest of President Nicolas Maduro.

In the east, China is also increasingly relying on cyber espionage and has been known to target over 45 nations with its cyber activity.

Recorded Future report tags China, Russia, Iran and North Korea as “the four most capable and consistently active hostile state cyber threat actors”.

“Cyber operations are no longer preparation for conflict – they are part of conflict,” says Dr. Christopher Ahlberg, Co-Founder of Recorded Future. 

“What we’re seeing is that adversaries are logging in, not hacking in.

“This is a shift toward access, influence and leverage that can be activated at moments of political or military tension, often below the threshold of traditional response.”

Commercial spyware as potent cyber weapons

With over 80 nations reportedly having purchased spyware and tools of such nature, a commercial spyware ecosystem has emerged with great potential for abuse of power, as the report shows. 

This explains the rise of targeted spywares such as: Pegasus spyware, Predator spyware, Graphite spyware, Devil’s Tongue Malware and their persistent activity. 

Even though international efforts were brought forward such as The Pall Mall Code of Practice (CoP) brought forward by the UK and France, which was aimed at establishing norms on how spyware is to be handled, the legislation remains non-binding and does not include a large number of states that are most implicated by spyware. 

Cyber Predictions for 2026: AI powered disinformation

The 2026 State of Security Report bets on increased covert cyber activity that prioritises access-first, low-visibility operations before overt conflicts.

The report looks ahead at a future where Chinese state sponsored actors “expand beyond data exfiltration into AI-enabled narrative flooding” that reshapes the digital environments in tailored influence operations. 

Abuse of identity and single sign-on (SSO) platforms are likely the path that Russian state-sponsored threat actors may take, as they slowly diverge away from malware heavy campaigns in favour of credential-based intrusions.

The report estimates Iran cyber operations to remain regional as it relies on hacktivist proxies to amplify their messaging, while disruptive operations are likely in case of conflict escalations. 

North Korean cyber activity is wide, financially motivated and targets over 70+ nations and the report says that they are likely to further “integrate workforce infiltration and supply-chain manipulation, using fraudulent hires, shell companies and insider access to manipulate codebases, suppress patches, exfiltrate data and generate revenue across SaaS, DevOps and software supply-chain environments”.

In addition to state sponsored crimes that will likely shift fully to persistent pressure, Recorded Future predicts connectivity disruption to become the go-to tool of coercion in 2026.

The power of AI will surely be leveraged in disinformation campaigns that focus on volume rather than credibility, setting stage for politically motivated messaging flooding the globe in 2026.