Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

Summary

Richard Horne, head of the UK's National Cyber Security Centre (NCSC), warned that hostile nation-states—particularly Russia, Iran, and China—now pose the most serious cyber threat to the UK, with the NCSC handling approximately four nationally significant incidents weekly. He emphasized that British businesses must prepare for potential large-scale cyberattacks if the UK becomes involved in international conflict, citing recent attacks on critical infrastructure in Sweden, Poland, Denmark, and Norway attributed to Russian actors. The UK security minister noted that cyberattacks are becoming more sophisticated through AI-enabled exploitation and that state-sponsored actors are targeting logistics, utilities, and automotive sectors rather than confronting the UK directly.

Full text

The most serious cyberattacks in the U.K. are now carried out by hostile nations including Russia, Iran and China, the head of the U.K.’s National Cyber Security Centre (NCSC) said in a speech Wednesday. Richard Horne, the head of the NCSC — part of the U.K’s signals intelligence agency GCHQ — warned that the U.K. is living through “the most seismic geopolitical shift in modern history.” British businesses, he said, need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict. In recent months, authorities in Sweden, Poland, Denmark and Norway have all warned that hackers linked to Russia have targeted their critical infrastructure including power plants and dams. Horne said the NCSC currently handles around four “nationally significant” cyber incidents a week and while criminal activity, such as ransomware, remains the most common problem, the most serious threat comes from cyberattacks carried out directly or indirectly by other states. Dan Jarvis, the U.K. security minister, said the NCSC handled more than 200 nationally significant incidents last year — more than double the year before. Jarvis and Horne spoke at the CyberUK conference in the Scottish city of Glasgow. Cyber operations become more sophisticated In December, Blaise Metreweli, the head of Britain’s Secret Intelligence Service, or MI6, said the world is more dangerous and contested now than it has been for decades and that the U.K. is operating in a space between peace and war.Advertisement. Scroll to continue reading. “Let’s be clear, cyberspace is part of that contest,” Horne said. China’s intelligence and military agencies display an “eye-watering level of sophistication in their cyber operations,” while Iran is “almost certainly using cyber activity to support the repression of British individuals on our streets who are seen as a threat to the regime,” he said. Moscow, meanwhile, is using tactics and techniques honed during its war in Ukraine and is “moving them beyond the battlefield,” Horne said, pointing to “sustained Russian hybrid activity” targeting the U.K. and Europe. Companies, he said, must learn how cyber operations have been used in conflict situations in order to boost their own resilience. Hostile states, Jarvis said, know the most effective way to act is “not to confront us directly, but to quietly hollow us out,” by hacking logistics systems which move goods, for example, or compromising businesses. He compared a cyberattack at Britain’s biggest automaker Jaguar Land Rover — that dented Britain’s economic growth late last year — to masked criminals turning up at car dealerships, breaking glass, smashing computers and stealing vehicles from the parking lot. AI, Jarvis said, is also making it easier for adversaries to attack by finding vulnerabilities in systems “faster than any human team can patch them.” He called for AI companies to work with the U.K. government to develop bespoke programs to boost Britain’s cyber defenses. European countries report cyber attacks on infrastructure In a conflict situation, Horne said, the U.K. would likely face cyberattacks at scale but — unlike with ransomware — companies will not be able to pay their way out in order to recover data and access to systems. For that reason, he said, every organization needs to understand the “full extent” of the risk they face and improve their cyber defenses before it is too late. On Friday, Swedish authorities said that a pro-Russian group with links to Russia’s security and intelligence services was behind a cyberattack on a heating plant last year. Carl-Oskar Bohlin, Sweden’s minister for civil defense, compared it to incidents in Poland in December, when coordinated cyberattacks hit combined heat and power plants supplying heat to almost 500,000 customers, as well as wind and solar farms. Poland later said evidence indicated hackers were “directly linked to the Russian services.” Norwegian authorities also warned that a hack in April 2025 which affected water flows from a dam was linked to Russia while in December, Danish authorities said another attack on a water utility company in 2024 left some houses without water. The four cyberattacks are among more than 155 incidents of disruption — including arson, sabotage and espionage — linked to Russia or its proxies by Western officials and tracked by The Associated Press since Moscow’s full scale invasion of Ukraine in February 2022. Other incidents linked to Russia by European officials include an attack on German air traffic control, attempts to gain access to Signal and WhatsApp accounts belonging to officials and journalists and attempts by hackers linked to Russian military intelligence to steal users’ sensitive data by exploiting a weakness in some internet routers. Related: UK Government Unveils New Cyber Action Plan Written By Associated Press More from Associated Press Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in HouseWhite House Chief of Staff to Meet With Anthropic CEO Over Its New AI TechnologyLawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ FollowedSweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy InfrastructureTrump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy ProtectionsShaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for LongHacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in WarfarePro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account Latest News After Bluesky, Mastodon Targeted in DDoS AttackNew Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention Mirai Botnet Targets Flaw in Discontinued D-Link RoutersAre SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataClaude Mythos Finds 271 Firefox VulnerabilitiesNorth Korean Hackers Use AppleScript, ClickFix in Fresh macOS AttacksGoogle Antigravity in Crosshairs of Security Researchers, CybercriminalsOracle Patches 450 Vulnerabilities With April 2026 CPU Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveAnti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors.ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer.Thomas Bain has been appointed Chief Marketing Officer at Silent Push.More People On The MoveExpert Insights Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as

Entities