Behind each cyberattack there is increasingly a political intention. Paralyzed banks, sabotaged energy networks, polarizing narratives broadcast on a large scale: an underground confrontation is silently redrawing the map of international power relations, without us always being able to identify the real authors. Between state operations, organized cybercrime and exploited hacktivism, cyberspace has become a lever of influence, coercion and destabilization.
Par Lucien Chaya Poudreexpert in cybersécurité chez XMCO
In 2026, the conflictuality and numbers asserts itself as a direct extension of geopolitical rivalries, where the distinction between state actors, criminal structures and ideological groups tends to blur.
Adding to this dynamic are the ongoing operations of state-sponsored APT groups sophisticatedly targeting governments, critical infrastructure, private businesses and civil society organizations to further foreign policy objectives.
Cyberspace: instrument of geopolitical coercion
The campaigns orchestrated by these groups respond directly to geopolitical objectiveswhether they take the form of diplomatic espionage operations, energy sabotage in Europe, or clandestine financing via the massive theft of cryptocurrencies.
ENISA, in its report Threat Landscape 2025finally comes under a structural trend towards the pooling of resources between criminal and state actors. The former benefit from know-how and access vectors from the intelligence sphere, while the latter exploit infrastructures traditionally associated with cybercrime, such as broker networks, crypto-asset laundering services or clandestine data markets.
Recent examples in Eastern Europe, the Middle East and Asia show that cyber operations now go beyond simple technical disruption to be part of a logic of political balance of power, making cyberspace a real instrument of influence, coercion and legitimization. In the Middle East, the media coverage in 2025 of operations opposing actors linked to Iran and Israel, targeting in particular financial and energy infrastructures, illustrates this use of cyber leverage to influence the dynamics of the conflict while maintaining a certain degree of strategic denial.
This trend is notably embodied by the cyberattack claimed by the pro-Israeli collective Predatory Sparrow against the Iranian state bank Bank Sepah, which caused significant service interruptions for customers and disrupted the functioning of this critical financial infrastructure. In this context, states increasingly rely on proxies, whether private groups or cybercriminal structures, in order to pursue their geopolitical objectives while blurring the direct attribution of their actions.
In Ukraine, the sustained attacks against the energy network, combining kinetic strikes and intrusions into industrial systems, illustrate this desire to put pressure on the authorities and populations to influence kyiv’s strategic choices. Russian military intelligence services (GRU) have been regularly observed targeting infrastructure and actors providing Western logistical support to the Ukrainian war effort, while les opérations de désinformation turned towards Europe became more complex and structured as the conflict approached its fourth year.
Hacktivism and information wars
Hacktivism is establishing itself as a central vector of digital conflict, carried by collectives with shifting allegiances which articulate ideological demands, logic of online mobilization and more or less explicit support for state agendas. The operations carried out in the wake of the conflict between Iran and Israel illustrate this hybridization, the latter combining Distributed Denial of Service (DDoS) campaigns, attempted intrusions into critical infrastructures and dissemination of polarizing political narratives on a large scale.
Groups like NoName057et DarkStorm thus participate in the erosion of borders between political activism, provision of cyber services through DDoS operations and indirect relays and therefore state interests, DarkStorm distinguishing itself in this respect by the centrality of its pro-Palestinian and anti-NATO narratives.
The campaigns carried out by hacktivist groups, frequently relayed within encrypted messaging systems as well as on the main social networks, are part of a logic of informational confrontation which mobilizes sophisticated psychological and narrative mechanisms. They aim simultaneously to degrade the adversary’s ability to react, by disrupting its information systems and decision-making chains, and to orient the public perception of the conflict through the dissemination of emotional, polarizing content or content presented as “exclusive”.
This register of action is part of a continuum between cyber operations, information warfare and influence strategies, contributing to the maintenance of an information fog which complicates the attribution of attacks and makes it more difficult to distinguish between state, parastatal and private actors. In doing so, it offers certain states leeway to exploit these groups, by testing their capabilities, by broadening the spectrum of possible responses and by creating the conditions for legitimizing clandestine actions carried out in their name.
Faced with this growing hybridization between cybercrime, hacktivism and state operations, efforts to regulate cyberspace, from European Union standards in terms of cyber-resilience to UN discussions concerning possible non-coercive standards for the use of cyber-arsenals, are struggling to impose themselves. in a domain that is essentially cross-border and anonymous.
ALSO READ:
Secu
The ANSSI “2025” report mainly recounts the trivialization of the invisible attack
ALSO READ:
Secu
In 2026, heading towards the new era of cyber-resilience
We’ll send you a validation email!
:fill(black)/2026/05/11/6a01d15299ad1738319970.jpg "Holidays: all crazy about muscles?")
