Behind every cyber attack is increasingly a political intention. Banks paralyzed, energy networks sabotaged, polarizing narratives disseminated on a large scale: an underground confrontation is silently reshaping the map of international power relations, without always being able to identify the true authors. Between state operations, organized cybercrime, and instrumentalized hacktivism, cyberspace has become a lever of influence, coercion, and destabilization.
By Lucien Chaya Podeur, cybersecurity expert at XMCO
In 2026, digital conflict is emerging as a direct extension of geopolitical rivalries, where the distinction between state actors, criminal structures, and ideological groups tends to blur. To this dynamic are added the continuous operations of APT groups sponsored by states targeting governments, critical infrastructures, private companies, and civil society organizations to serve foreign policy goals.
The cyber operations happening in Eastern Europe, the Middle East, and Asia show that cyber operations now go beyond mere technical disruption to be part of a political power dynamics, making cyberspace a real instrument of influence, coercion, and legitimation. In the Middle East, the media coverage in 2025 of operations opposing actors linked to Iran and Israel, targeting financial and energy infrastructure, illustrates this use of the cyber lever to influence the conflict dynamics and maintain a strategic denial.
This trend is exemplified by the cyber attack claimed by the pro-Israeli collective Predatory Sparrow against the state-owned Iranian bank Bank Sepah, which caused significant service interruptions for clients and disrupted the critical financial infrastructure’s operation. In this context, states increasingly rely on proxies, whether private groups or cybercriminal structures, to pursue their geopolitical objectives while obscuring the direct attribution of their actions.
In Ukraine, sustained attacks on the energy network, combining kinetic strikes and intrusions into industrial systems, illustrate the will to pressure authorities and populations to influence Kiev’s strategic decisions. Russian military intelligence services (GRU) have been regularly observed targeting the infrastructure and actors supporting Western logistical support for the Ukrainian war effort, while disinformation operations aimed at Europe have become more complex and structured as the conflict approaches its fourth year.
Hacktivism emerges as a central factor in digital conflict, carried by collectives with shifting allegiances that articulate ideological claims, online mobilization logics, and more or less explicit support from state agendas. Operations in the wake of the conflict between Iran and Israel exemplify this hybridization, combining Distributed Denial of Service (DDoS) campaigns, intrusion attempts into critical infrastructures, and broad-scale dissemination of polarizing political narratives.
Groups like NoName057 and DarkStorm contribute to blurring the lines between political activism, cyber service provision through DDoS operations, and indirect relay of state interests, with DarkStorm standing out for its central pro-Palestinian and anti-NATO narratives.
The campaigns led by hacktivist groups, often echoed in encrypted messaging and major social networks, are part of an informational confrontation logic that mobilizes sophisticated psychological and narrative mechanisms. They aim to both degrade the opponent’s response capabilities by disrupting information systems and decision-making chains and shape public perception of the conflict through emotional, polarizing content presented as “exclusive”.
This range of actions is part of a continuum between cyber operations, information warfare, and influence strategies, contributing to a clouding of information that complicates attack attribution and makes it harder to distinguish between state, para-state, and private actors. By doing so, it grants certain states maneuvering room to instrumentalize these groups, test capabilities, widen the spectrum of possible responses, and create conditions for legitimizing clandestine actions carried out in their name.
Faced with the increasing hybridization of cybercrime, hacktivism, and state operations, efforts to regulate cyberspace, from EU cyber resilience standards to UN discussions on possible non-coercive standards for cyber-arsenals’ use, struggle to establish themselves in a fundamentally transnational and anonymous domain.
