UK Says Iran, China Drive Regular Significant Cyberattacks

Hackers linked to foreign governments are now behind the majority of “nationally significant” cyberattacks targeting the UK, the country’s top cybersecurity official is set to warn.

Richard Horne, chief executive officer of the National Cyber Security Centre, or NCSC, is scheduled to say in a speech on Wednesday that the country is facing four consequential cyberattacks every week and living through the “most seismic geopolitical shift in modern history,” according to a preview of his remarks, which were reviewed by Bloomberg News.

Horne named China, Iran and Russia as key adversaries posing a threat to UK cybersecurity.

“Criminal activity such as ransomware remains the most prevalent threat to the vast majority of organizations,” according to the prepared remarks. “But the majority of the nationally significant incidents that my teams are handling now originate directly or indirectly from nation states.”

The UK has faced a string of highly disruptive cyberattacks in recent years. Hackers have caused significant disruption at the National Health Service, the country’s Royal Mail postal service, while also inflicting major losses for leading manufacturers and retailers such as Jaguar Land Rover and Marks & Spencer Plc.

Echoing remarks made by the chief of UK spy agency MI6 in December, Horne will add that the world is more contested than it has been for decades. “We are operating in a space between peace and war,” he warns. “Let’s be clear, cyberspace is part of that contest.”

The NCSC said in its most recent annual review, which assessed cyber activity between September 2024 and August 2025, that it had recorded 204 nationally significant cyberattacks in that period, more than double the number in the prior year. To be deemed a nationally significant incident, an attack must have had a serious impact on a large organization or pose a risk to the government and essential services.

China, he is set to say, has developed “an eye-watering level of sophistication in their cyber operations.” Iran, he warns, was almost certainly using cyber activity to support the repression of British individuals who are seen as a threat to the regime. He also said that Russia is taking the cyber lessons it has learned in Ukraine and applying them more widely.

“The tactics and techniques honed in conflict are now being directed at states it considers hostile,” he will say. “We are seeing sustained Russian hybrid activity targeting assets across the UK and Europe.”

Separately on Wednesday, the UK government is also planning to raise concerns about the impact of artificial intelligence on heightening cybersecurity threats. That comes amid warnings about the capabilities of Mythos, a new model developed by Anthropic PBC, which researchers say could be misused by criminals or governments to identify and exploit security vulnerabilities on a large scale.

Security minister Dan Jarvis is calling on AI companies to work with the government to build AI-powered cyber defense measures. Such cooperation could achieve “capabilities that can protect our nation’s most critical networks by autonomously identifying and addressing vulnerabilities at a speed and scale no human can match,” Jarvis will say in remarks at the CYBERUK conference in Glasgow, Scotland.

Photograph: An attendee types on a cyrillic laptop computer keyboard at the CrytoSpace conference in Moscow, Russia, on Friday, Dec. 8, 2017; photo credit: Andrey Rudakov/Bloomberg