Full Report
Report finds China and Russia may be coordinating ‘grey zone’ tactics against vulnerable western infrastructure
China and Russia are stepping up sabotage operations targeting undersea cables and the UK is unprepared to meet the mounting threat, according to new analysis.
A report by the China Strategic Risks Institute (CSRI) analysed 12 incidents where national authorities had investigated alleged undersea cable sabotage between January 2021 and April 2025. Of the 10 cases in which a suspect vessel was identified, eight were directly linked to China or Russia through flag-state registration or company ownership.
Analysis Summary
This article addresses a general threat concerning state-sponsored sabotage against critical infrastructure, rather than detailing the activities of a specific, named cyber threat actor group or campaign. Therefore, the summary will reflect this geopolitical focus on state capabilities rather than conventional cyber TTPs.
# Threat Actor: State Actors (China and Russia)
## Attribution & Identity
The report focuses on the capabilities and demonstrated intent of two nation-states: **China** and **Russia**, as posing threats to UK critical infrastructure. No specific aliases or named hacking groups are mentioned in this context.
## Activity Summary
The summary highlights a severe vulnerability assessment concluding that the UK is "woefully ill-protected" against sabotage targeting **undersea communications cables**. This implies potential kinetic or covert operations targeting physical infrastructure rather than purely cyber intrusions, though cyber intelligence gathering often precedes such actions.
## Tactics, Techniques & Procedures
As the article focuses on potential physical/hybrid warfare rather than established cyber TTP frameworks:
- Covert intelligence gathering associated with state actors potentially mapping out infrastructure.
- Potential for kinetic attack or sabotage operations against undersea cables.
- **Note:** No specific MITRE ATT&CK IDs are applicable based on the scope of the provided text, as the threat is generally maritime/infrastructure based.
## Targeting
- Sectors: Critical National Infrastructure (specifically **undersea communications cables**).
- Geography: **United Kingdom** (UK) assets, specifically those involving global connectivity.
- Victims: Global communication networks relied upon by the UK.
## Tools & Infrastructure
- The article does not list specific malware, C2 infrastructure, IPs, or URLs related to cyber operations. The implied "tools" relate to maritime or covert operations capable of reaching and damaging reinforced undersea cables.
## Implications
The primary implication is a significant national security vulnerability for the UK due to inadequate defense against potential hostile state action that could sever major data and communication links, leading to severe economic and operational disruption.
## Mitigations
- The article strongly implies the need for **significantly enhanced physical protection and resilience** measures for critical undersea cable infrastructure.
- Review and improvement of current defense policies related to national infrastructure security against hybrid threats originating from state actors like China and Russia.