Russia is secretly waging a cyberwar against the UK, GCHQ chief claims
Moscow-linked threat actors are allegedly targeting supply chains and critical infrastructure in undeclared hybrid warfare operations.
Russia is "relentlessly" targeting UK critical infrastructure as part of an undeclared hybrid war against the West, GCHQ Director Anne Keast-Butler has warned.
In a speech at Bletchley Park - home of Britain's famous World War II codebreakers - the spy chief said that Moscow's threat actors are waging a clandestine cyberwar as the Kremlin's troops fight a physical conflict in Ukraine.
Meanwhile, China is posing an ever greater threat to Britain and its democratic allies as it becomes a technology superpower and increases its capabilities "across intelligence, cyber and military agencies", the GCHQ boss warned.
The worsening global threat landscape means "the ground beneath our feet" is shifting dangerously, leaving only a brief opportunity for Britain to maintain a lead in critical technologies likely to play a pivotal role in the digital battlespace of tomorrow.
Keast-Butler reported that GCHQ is working around the clock to defeat cyber attacks and defend against "reckless sabotage and assassination attempts".
She added: "In the face of such aggression and chaos, GCHQ is working tirelessly with intelligence and Defence partners to degrade and reduce the Russian threat.
"As we remain steadfast in our support for Ukraine, Putin is going backwards on the battlefield."
Life during hybrid wartime
In her speech, the GCHQ director offered Britain's consumers and businesses the following advice on how to stay safe in an era of shadowy hybrid warfare: "At home that means taking important action now to switch passwords for passkeys, and for wider society, it means hard-wiring security into new technologies, protecting supply chains and making cyber security 10 times more urgent."
The risk cyber attacks now pose to national security is greater than ever before due to the interconnectedness and fragility of modern digital society, said Graeme Stewart, head of public sector at Check Point.
He explained: "For years, cyber attacks were treated like someone rattling the handle on a locked door. Irritating, disruptive, but contained. Now they spread more like a fire moving through connected buildings.
"One compromised supplier, one stolen password, or one vulnerable system can spread through hospitals, retailers, logistics networks, and public services within hours because modern infrastructure is so tightly interconnected.
"That is why the warning from GCHQ feels so serious. These attacks are becoming more coordinated, more aggressive, and far more strategic. Too many organisations still think cyber security sits quietly with the IT department in the background. It now sits much closer to public safety and national resilience.
"A century ago, cities learned that a single fire could spread block by block if the protections were weak. The digital world works the same way. One vulnerability can quickly become everybody’s problem."
Andrea Sivieri, Chief Product and Technology Officer at CoreView, called on British authorities to focus on Microsoft configuration resilience to help the UK stay ahead of Russia, China and other adversaries.
Sivieri said: "The UK's technological edge depends on more than detecting known threats. State actors and sophisticated criminal groups have moved on, and so has the attack surface. The fastest growing entry point into UK organisations today isn't a phishing email or an unpatched server. It's a Microsoft tenant whose configuration has drifted out of a safe state.
"We now see breaches begin with a misconfigured Microsoft permission or conditional access policy. Attackers don't need to steal a single password. They find a gap in how the tenant is configured, pivot through it, and from there, they can elevate privileges, weaken controls, and embed themselves for the long term.
"This is what makes Microsoft configuration takeover so dangerous. It looks like normal administrative activity, so it doesn't trigger the alarms that a traditional intrusion would. Worse, most organisations have no clear baseline of what their tenant should look like, so once an attacker has been inside, they can't tell what has been altered, what is still trustworthy, or how far the compromise has spread.
"If the UK is serious about staying ahead of China, Russia, and the criminal groups that follow in their wake, configuration resilience has to sit alongside threat detection as a national priority. The companies that are getting this right treat their Microsoft tenant the way they treat their financial controls: continuously monitored, with a known-good state they can always return to."