Published Wednesday, June 24, 2026 at 06:49 PM PT

BREAKING ALERT โ€” UK NCSC: STATE-SPONSORED ACTORS BEHIND 75% OF CRITICAL INFRASTRUCTURE CYBER ATTACKS

BLUF: The UK National Cyber Security Centre has confirmed that hostile state actors are responsible for approximately three-quarters of cyber attacks targeting the UK’s critical national infrastructure. All CNI operators and their supply chains should treat this as an elevated threat environment and review defensive postures immediately.

DETAILS

  • UK NCSC CEO Dr. Richard Horne disclosed the 75% figure publicly at RUSI’s Annual Security Lecture โ€” this is an official, attributed statement from the UK’s lead national cybersecurity authority.
  • The disclosure signals that state-sponsored cyber activity against UK critical systems is not incidental but constitutes the dominant threat vector by volume.
  • This announcement follows recent NCSC advisories on China-nexus covert networks using compromised devices and targeted attacks against messaging applications โ€” suggesting a sustained, multi-vector campaign environment.
  • Specific hostile states responsible for the remaining attribution were not confirmed in available reporting; named actors should not be assumed beyond what NCSC formally attributes.
  • The venue โ€” RUSI’s Annual Security Lecture โ€” indicates this was a deliberate, high-profile policy signal, not an operational disclosure. Tactical indicators have not been publicly released at this time.

IMPACT

  • Sectors at risk: All UK critical national infrastructure sectors โ€” energy, water, transport, finance, health, communications, and government.
  • Scope: National-level threat; supply chain and third-party providers to CNI operators are implicated by extension.
  • Severity: High. State-level resourcing implies sophisticated, persistent, and potentially pre-positioned threat actors.
  1. CNI operators: Immediately verify network monitoring and anomaly detection coverage across OT/IT boundaries.
  2. Review third-party access: Audit privileged vendor and supply chain access points โ€” a known vector in state-sponsored intrusions.
  3. Consult NCSC guidance: Cross-reference current NCSC advisories, including the China-nexus compromised device network advisory, for applicable indicators and mitigations.
  4. Incident reporting: Ensure internal escalation paths for suspected state-sponsored activity are active and tested.
  5. Messaging security: In light of the concurrent NCSC messaging app advisory, restrict sensitive communications to approved, hardened platforms.

SOURCES

  • UK National Cyber Security Centre โ€” NCSC CEO public statement, RUSI Annual Security Lecture
  • NCSC advisory: China-nexus covert networks of compromised devices (referenced context)
  • NCSC advisory: Messaging app targeting (referenced context)

โš  NOTE: Specific state attributions, technical indicators, and affected sector details beyond what NCSC has publicly stated are not confirmed. Monitor NCSC.gov.uk for follow-on advisories.