Cyberconflict and warfare

Defence AI Centre at heart of Korean strategy

South Korea has unveiled a strategy to share extensive military data with defence firms to accelerate AI-powered weapon systems, inspired by US military cloud initiatives. Plans include a national public–private fund to finance innovation and bolster the country’s defence tech prowess.

A specialised working group of around 30 experts, including participants from the Defence Acquisition Program Administration, is drafting standards for safety and reliability in AI weapon systems. Their work aims to lay the foundations for the responsible integration of AI into defence hardware.

Officials highlight the need to merge classified military databases into a consolidated defence cloud, moving away from siloed systems. This model follows the tiered cloud framework adopted by the US, enabling more agile collaboration between the military and industry.

South Korea is also fast-tracking development across core defence domains, such as autonomous drones, command-and-control systems, AI-enabled surveillance, and cyber operations. These efforts are underpinned by the recently established Defence AI Centre, positioning the country at the forefront of Asia’s military AI race.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Military AI and the void of accountability

In her blog post ‘Military AI: Operational dangers and the regulatory void,’ Julia Williams warns that AI is reshaping the battlefield, shifting from human-controlled systems to highly autonomous technologies that make life-and-death decisions. From the United States’ Project Maven to Israel’s AI-powered targeting in Gaza and Ukraine’s semi-autonomous drones, military AI is no longer a futuristic concept but a present reality.

While designed to improve precision and reduce risks, these systems carry hidden dangers—opaque ‘black box’ decisions, biases rooted in flawed data, and unpredictable behaviour in high-pressure situations. Operators either distrust AI or over-rely on it, sometimes without understanding how conclusions are reached, creating a new layer of risk in modern warfare.

Bias remains a critical challenge. AI can inherit societal prejudices from the data it is trained on, misinterpret patterns through algorithmic flaws, or encourage automation bias, where humans trust AI outputs even when they shouldn’t.

These flaws can have devastating consequences in military contexts, leading to wrongful targeting or escalation. Despite attempts to ensure ‘meaningful human control’ over autonomous weapons, the concept lacks clarity, allowing states and manufacturers to apply oversight unevenly. Responsibility for mistakes remains murky—should it lie with the operator, the developer, or the machine itself?

That uncertainty feeds into a growing global security crisis. Regulation lags far behind technological progress, with international forums disagreeing on how to govern military AI.

Meanwhile, an AI arms race accelerates between the US and China, driven by private-sector innovation and strategic rivalry. Export controls on semiconductors and key materials only deepen mistrust, while less technologically advanced nations fear both being left behind and becoming targets of AI warfare. The risk extends beyond states, as rogue actors and non-state groups could gain access to advanced systems, making conflicts harder to contain.

As Williams highlights, the growing use of military AI threatens to speed up the tempo of conflict and blur accountability. Without strong governance and global cooperation, it could escalate wars faster than humans can de-escalate them, shifting the battlefield from soldiers to civilian infrastructure and leaving humanity vulnerable to errors we may not survive.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Foreign cybercrime cells thrive in Nigeria

Nigeria’s anti-fraud agency had 194 foreign nationals in custody in 2024, prosecuting 146 for their roles in cyber-enabled financial crimes, highlighting a robust response to a growing threat.

December alone saw nearly 800 arrests in Lagos, targeting romance and cryptocurrency investment scams featuring foreign ringleaders from China and the Philippines. In one case, 148 Chinese and 40 Filipino suspects were detained.

These groups established complex fraud operations in major Nigerian cities, using fake identities and training local recruits, often unaware of the ultimate scheme. Investigations also flagged cryptocurrency-fuelled money laundering and arms trafficking, pointing to wider national security risks.

EFCC chairman Ola Olukoyede warned that regulatory failures, such as visa oversight and unchecked office space leasing, facilitated foreign crime cells.

National and continental collaboration, tighter visa control, and strengthened cybercrime frameworks will be key to dismantling these networks and securing Nigeria’s digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Italian defence firms hit by suspected Indian state-backed hackers

An advanced persistent threat (APT) group with suspected ties to India has been accused of targeting Italian defence companies in a cyber-espionage campaign.

Security researchers found that the hackers used phishing emails and malicious documents to infiltrate networks, stealing sensitive data.

The attacks, believed to be state-sponsored, align with growing concerns about nation state cyber operations targeting critical industries.

The campaign, dubbed ‘Operation Tainted Love,’ involved sophisticated malware designed to evade detection while exfiltrating confidential documents.

Analysts suggest the group’s motives may include gathering intelligence on military technology and geopolitical strategies. Italy has not yet issued an official response, but the breach underscores the escalating risks to national security posed by cyber-espionage.

This incident follows a broader trend of state-backed hacking groups increasingly focusing on the defence and aerospace sectors.

Cybersecurity experts urge organisations to strengthen defences, particularly against phishing and supply chain attacks. As geopolitical tensions influence cyberwarfare, such operations highlight the need for international cooperation in combating digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Azerbaijan’s State Security Service tackles surveillance camera cyber breach

Azerbaijan’s State Security Service has disrupted a significant cybersecurity breach targeting surveillance cameras nationwide. The agency says unauthorised remote access had allowed attackers to capture and leak footage of private homes and offices.

The attackers exploited a digital video recorder (DVR) system vulnerability, intercepting live camera feeds. Footage of private family life was reportedly uploaded to foreign websites and even sold online.

In response, the State Security Service of Azerbaijan coordinated with other state bodies to identify compromised systems and locations. Technical inspections revealed a widespread security flaw in the surveillance devices.

The vulnerability was reported to the foreign manufacturer of the equipment, with an urgent request for a fix. Illegally uploaded footage has since been removed from affected platforms.

Citizens are urged to avoid using devices of unknown origin and follow best practices when managing digital systems. Authorities emphasised the importance of protecting personal data and maintaining cyber hygiene.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware gangs feud after M&S cyberattack

A turf war has erupted between two significant ransomware gangs, DragonForce and RansomHub, following cyberattacks on UK retailers including Marks and Spencer and Harrods.

Security experts warn that the feud could result in companies being extorted multiple times as criminal groups compete to control the lucrative ransomware-as-a-service (RaaS) market.

DragonForce, a predominantly Russian-speaking group, reportedly triggered the conflict by rebranding as a cartel and expanding its affiliate base.

Tensions escalated after RansomHub’s dark-web site was taken offline in what is believed to be a hostile move by DragonForce, prompting retaliation through digital vandalism.

Cybersecurity analysts say the breakdown in relationships between hacking groups has created instability, increasing the likelihood of future attacks. Experts also point to a growing risk of follow-up extortion attempts by affiliates when criminal partnerships collapse.

The rivalry reflects the ruthless dynamics of the ransomware economy, which is forecast to cost businesses $10 trillion globally by the end of 2025. Victims now face not only technical challenges but also the legal and financial fallout of navigating increasingly unpredictable criminal networks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US Cyber Command proposes $5M AI Initiative for 2026 budget

US Cyber Command is seeking $5 million in its fiscal year 2026 budget to launch a new AI project to advance data integration and operational capabilities.

While the amount represents a small fraction of the command’s $1.3 billion research and development (R&D) portfolio, the effort reflects growing emphasis on incorporating AI into cyber operations.

The initiative follows congressional direction set in the fiscal year (FY) 2023 National Defense Authorization Act, which tasked Cyber Command and the Department of Defense’s Chief Information Officer—working with the Chief Digital and Artificial Intelligence Officer, DARPA, the NSA, and the Undersecretary of Defense for Research and Engineering—to produce a five-year guide and implementation plan for rapid AI adoption.

However, this roadmap, developed shortly after, identified priorities for deploying AI systems, applications, and supporting data processes across cyber forces.

Cyber Command formed an AI task force within its Cyber National Mission Force (CNMF) to operationalise these priorities. The newly proposed funding would support the task force’s efforts to establish core data standards, curate and tag operational data, and accelerate the integration of AI and machine learning solutions.

Known as Artificial Intelligence for Cyberspace Operations, the project will focus on piloting AI technologies using an agile 90-day cycle. This approach is designed to rapidly assess potential solutions against real-world use cases, enabling quick iteration in response to evolving cyber threats.

Budget documents indicate the CNMF plans to explore how AI can enhance threat detection, automate data analysis, and support decision-making processes. The command’s Cyber Immersion Laboratory will be essential in testing and evaluating these cyber capabilities, with external organisations conducting independent operational assessments.

The AI roadmap identifies five categories for applying AI across Cyber Command’s enterprise: vulnerabilities and exploits; network security, monitoring, and visualisation; modelling and predictive analytics; persona and identity management; and infrastructure and transport systems.

To fund this effort, Cyber Command plans to shift resources from its operations and maintenance account into its R&D budget as part of the transition from FY2025 to FY2026.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ukraine strengthens cybersecurity ties with EU

Ukraine participated for the first time in the EU National Cybersecurity Coordination Centers meeting and the European Cybersecurity Competence Centre (ECCC) Steering Board in Rome.

The event, supported by Italy’s National Agency for Cybersecurity, focused on enhancing cooperation among EU member states and fostering a unified cyber community.

Natalia Tkachuk, Secretary of Ukraine’s National Coordination Center for Cybersecurity, highlighted the nation’s challenges and experiences in countering cyber threats amidst ongoing conflict.

She emphasized Ukraine’s role in both receiving and sharing cybersecurity knowledge to strengthen collective European security.

Discussions included the establishment of a joint Center of Competence for Cyber Resilience in Ukraine, aiming to counter Russian cyberattacks, disinformation, and sabotage.

The center will utilize artificial intelligence trained on unique Ukrainian data to enhance response capabilities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Global instability fuels surge in cyberattacks

A surge in cyberattacks is fuelled by global instability, with businesses worldwide now facing heightened risks. A new report by GlobalData warns that rising geopolitical tensions are giving state actors, terrorists, hacktivists and cybercriminals more opportunities to strike.

Conflicts in Ukraine and the Middle East have created a volatile digital landscape. Cyberattackers are exploiting weakened defences, targeting both national infrastructure and private enterprises.

‘Those not after money are often motivated by revenge,’ the report states. The key perpetrators are disgruntled employees, unhappy customers, and ideologically driven hackers. While some attackers aim to cause reputational harm or attract attention, others seek to turn off critical systems.

Nation states, in particular, use cyberwarfare as a strategic tool against rival governments. Businesses are warned to prepare for disruption as cyber threats become more frequent and sophisticated. The report concludes that no organisation is immune in today’s digital and geopolitical uncertainty climate.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI issues warning as airline cyberattacks rise, posing national security threat

Less than a year after the cyberattack that shut down Sea-Tac Airport, the FBI has issued a stark new warning: America’s airlines are now targets. The agency confirmed that the cybercrime gang Scattered Spider is actively attacking aviation systems.

This group, known for crippling MGM Resorts, uses social engineering to bypass security. By posing as airline staff, they access systems, steal data and deploy ransomware within hours of a breach.

WestJet, Hawaiian Airlines and Qantas have all been hit in the last two months alone. Qantas reported a data breach affecting more than six million passengers.

Today’s airlines depend on interconnected digital infrastructure. Disruption to crew scheduling, flight planning or maintenance can trigger chaos across entire networks.

The FBI says these attacks are shifting from isolated incidents to coordinated campaigns. Experts fear that state and non-state actors are watching closely, ready to exploit aviation vulnerabilities.

Aircraft are now flying data centres. Their connectivity brings both efficiency and risk. Flight safety could be at stake if attackers compromise weather feeds or ground systems.

Sea-Tac was a warning. What happens when multiple airports are targeted at once? Fictional scenarios are edging closer to reality.

Previous attacks — from Warsaw to London — exposed system weaknesses. The threat has only grown. It is no longer a question of if, but when.

The industry must act decisively. Stronger identity checks, hardened systems, and real-time intelligence sharing are no longer optional. Cybersecurity must become as essential as flight safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!