Cyber threat rising: Grey zone attacks now range from spying to sabotage

Adversaries, whether they're state or non-state actors, are using their cyber capabilities against us, an expert has warned.

Dr Tim Stevens, the director of King's College London's Cyber Security Research Group, said this was happening whether we're at war with them or not.

But what do we actually mean by cyber war? And is the UK already under attack?

• Military radios could be replaced to maintain communication security – by lasers
• StratCom becomes CSOC: New Cyber & Specialist Operations Command explained
• Vital work unseen, but not unfelt as Armed Forces' first fast-track cyber warriors graduate

Cyber warfare in 2026 isn't always about destroying systems. Sometimes it's about quietly altering what people see – and how they think.

Joe Jarnecki, a cyber and tech research fellow at the defence thinktank, Rusi, gives an example of how this might work on the battlefield.

"If you were able to get inside a digital system and change certain parts of messages that they receive, or change a visual display, or a map that they register, you're able to change how they cognitively think or understand a particular situation," he explained.

Modern military operations are now deeply dependent on digital systems – networks, sensors, satellites and data links. If those systems are disrupted, it affects decision-making, slows responses and changes outcomes.

As Dr Stevens puts it: "It runs on digital. And if it's digital, it's cyber. And if it's cyber, it can be hacked. That's the essential proposition here."

Ukraine: The cyber war that didn't quite happen

When Russia invaded Ukraine, many analysts warned of a devastating cyber onslaught.

Mr Jarnecki points to one key example, saying: "There were and have been significant cyber operations conducted by Russia, for example in disabling some of Ukraine's command and control through attacks on the Viasat satellite network just prior to the invasion.”

But in many ways, the feared cyber blitz never fully materialised.

John Foreman, a former British defence attaché to Moscow and Kyiv, said: "What was interesting for me before the war, when Russia was going to 'do cyber' against Ukraine, it was the dog which didn't bark in many ways, because of defensive measures taken to reduce Ukraine’s vulnerability and to counteract cyber attacks."

But that doesn't mean we should rely on enemies underperforming in future conflicts.

Cyber now central to defence

In UK defence, cyber is no longer confined to the sidelines, a fundamental shift in approach reflected in the creation of the Cyber and Specialist Operations Command (CSOC).

"It's the elevating of cyber to something that's not just peripheral to the defence mission, but actually central to it," said Dr Stevens. "It cuts across everything else."

The Ministry of Defence now offers a fast-track direct entry cyber scheme to encourage technical experts into defence roles.

The MOD also has an offensive cyber capability in the National Cyber Force, although the capability here, and when it might be used, remains largely secret.

Cyber in the grey zone

Not all cyber attacks are acts of war. Many sit in the grey zone, damaging national security without triggering a military response.

In the 12 months to August 2025, the National Cyber Security Centre (NCSC), run by GCHQ, revealed it dealt with 204 "nationally significant" incidents, working out at roughly four of these attacks a week, up from just 89 the previous year.

In autumn 2025, cyber attacks on well-known UK household names made headlines. Marks & Spencer, the Co-op and Jaguar Land Rover all suffered major outages.

Former NCSC chief Ciaran Martin says one in particular stood out: "The JLR attack scared the hell out of me, mostly for the strategic insignificance of the attackers. They're Russian-based criminals with no political agenda, people looking to make money.

"And it turns out they can empty shopping shelves, force government into a £1.5bn loan guarantee and knock 0.17 percentage points off GDP growth in September by one cyber attack."

Russia is effectively giving carte blanche to cybercriminal groups, says Dr Stevens, some of which are very well organised to conduct extortion, kidnap and ransom and fraud against targets outside Russia.

"If its proxies can degrade or disrupt the proper functioning of digital networks elsewhere and introduce mistrust into those systems, it helps fulfil an overall strategic objective," he pointed out.

Not just Russia

And while attention might focus on Russia, experts argue China presents a much more complex cyber challenge. Beijing is widely seen as more capable, more patient and more technologically advanced.

Concerns now extend to everyday technologies, with a recent spike in concern around the security of electric vehicles, leading to a British Army warning to personnel in November 2025 not to hold sensitive conversations while travelling in EVs.

Mr Jarnecki explained: "Like any connected vehicle, when you create the ability for a device to be connected to the internet and to be changed at any point by systems outside of the car, you create a risk."

Modern vehicles can gather vast amounts of data – where you go, who you travel with, what you say.

"Is it probable that a country that has dominated a supply chain for a particular technology will use that for espionage?" said Mr Jarnecki. "Yes. We've seen that extensively over the past 20 years."

China planting digital booby traps

But in 2023, US investigators uncovered something even more concerning. Volt Typhoon – a large-scale Chinese operation focused not just on spying, but sabotage.

"Volt Typhoon is a military operation, not an intelligence operation," Mr Jarnecki explained. "It aims to pre-position within critical national infrastructure networks – utilities, transport, education, government."

Mr Martin described the threat in stark terms, saying: "Washington and London assess that China has planted what are effectively digital booby traps all over critical national infrastructure… think of it like 100 JLRs [Jaguar Land Rover incidents] at the same time."

Dr Stevens explained how this might be activated in a crisis. "I'd start with communications," he said. "Knocking out civilian communications infrastructure makes it very difficult for government to communicate with people.

"It makes people uncertain and afraid. It undermines trust in government – which is one of the key objectives of cyber and information operations."

A potential for chaos

Even if cyber war does not arrive as a dramatic Hollywood moment, the UK's digital connectivity – the thing that makes everyday life work – is a vulnerability.

Russia is already active in this space, applying constant pressure through economic and societal disruption.

China represents something different: vast capability, with the potential to be switched on and cause maximum chaos at an operationally vital moment.

The UK's Armed Forces continue to step up in the cyber domain, but operational secrecy keeps these capabilities under wraps – and we may only see how they perform when an enemy strikes.