CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Evolving global cyber conflict landscape reshaping critical infrastructure and extortion threats

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The geopolitical landscape has shifted from an era of relative stability under Pax Americana to one where technology is weaponized and cyber operations are integral to state power projection. State-linked actors, particularly China- and Russia-aligned groups, are intensifying campaigns targeting critical infrastructure, telecommunications, and government networks with long-dwell access, stealthy backdoors, and operational technology (OT) compromise. Non-state actors, including hacktivists and cybercriminals, have aligned with geopolitical agendas, executing disruptive operations that blur the line between activism, crime, and statecraft, often with physical consequences. Cyber extortion remains a dominant threat, driven by commoditized attack ecosystems and persistent failures in basic cyber hygiene, despite increased law-enforcement disruption efforts.

Timeline

  1. 27.03.2026 13:00 1 articles · 3h ago

    State-aligned cyber operations intensify targeting of critical infrastructure and OT systems globally

    Since early 2024, coordinated state-sponsored campaigns by China-linked Volt Typhoon and Salt Typhoon have targeted U.S. and global critical infrastructure, including energy, defense, and telecommunications sectors, using pre-positioning and stealthy access to enable long-dwell intelligence collection and potential disruptive actions. In parallel, Russian-aligned hacktivist groups such as NoName057(16) have escalated politically motivated cyber-physical operations, including the manipulation of a Norwegian dam’s floodgates and repeated DDoS attacks against European and North American public sector targets, signaling a shift from digital protest to strategic coercion.

    Show sources
    Open in new tab

Information Snippets

  • State-sponsored actors are increasingly leveraging identity-focused attacks and compromising edge devices and virtualization platforms to maintain long-term, low-visibility access within critical infrastructure and enterprise IT environments.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources

  • Volt Typhoon and Salt Typhoon campaigns, attributed to Chinese state actors, demonstrated coordinated targeting of U.S. and global critical infrastructure, including energy, defense, and telecommunications sectors, using pre-positioning and strategic access for intelligence collection and potential disruption.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources

  • Pro-Russian hacktivist groups such as NoName057(16) and Killnet have conducted politically motivated DDoS campaigns and cyber-physical operations, including the seizure and manipulation of a dam’s floodgates in Norway and repeated targeting of European and North American critical infrastructure.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources

  • Cl0p ransomware operations exploited zero-day vulnerabilities in enterprise file-transfer platforms, resulting in hundreds of victims across multiple regions, illustrating the scalability and rapid monetization enabled by commoditized cybercrime ecosystems.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources

  • Law-enforcement operations such as Operation ENDGAME have dismantled major cybercrime infrastructure and arrested suspects, yet adversaries continue to adapt through decentralized affiliates and shifting jurisdictions, maintaining resilience against disruption.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources

  • Governments including the UK and U.S. are advancing legislation to ban ransomware payments for public bodies and mandate incident reporting, reflecting growing recognition of ransomware as a systemic societal threat rather than a technical nuisance.

    First reported: 27.03.2026 13:00
    1 source, 1 article
    Show sources