Check Point links US cyberattacks to global crises in new clash warning

Published: 9 December 2025
cyber-strategic-geopolitics
Image by Cybernews.

Cyberattacks against the United States are no longer isolated events that cause only temporary technical inconvenience. According to Check Point, a cybersecurity company, they’re now mostly coordinated campaigns aimed at weakening Washington.

Amit Weigman, Check Point’s cybersecurity and AI expert who authored the report, says that the US is entering a new era of strategic competition in cyberspace. In 2026, this rivalry is predicted to bloom into a full-scale cyber clash.

“Over the past two years, cyber operations have evolved from opportunistic disruptions and intelligence-gathering into deliberate, coordinated campaigns designed to achieve political, economic, and strategic outcomes,” said Weigman.

ADVERTISEMENT

“The boundary between cyber and geopolitics has all but disappeared: state-aligned threat actors now use digital operations to signal intent, project power, shape crises, and impose costs, often below the threshold of armed conflict.”

Cyber ops as means of statecraft

Data in the Check Point report shows cyber activity rises significantly during moments of geopolitical tension, and we’ve had plenty of those lately.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Analysis of incident data alongside the Caldara-Iacoviello Geopolitical Risk Index (GPR) shows that surges in geopolitical volatility consistently align with spikes in state-aligned cyber campaigns.

More specifically, when the GPR exceeds its long-term median by more than one standard deviation, cyber incidents targeting the US government and critical infrastructure increase by 35-45% within the following quarter.

That’s no accident, Weigman says. Heightened tension creates strong incentives for states to use cyber capabilities as tools of signalling, leverage, and escalation management.

“Campaigns in 2024 and 2025 followed this trend closely: pre-positioning within US power grid networks intensified during heightened US-China competition, ransomware operations against healthcare surged amid Middle East tensions, and supply chain compromises spiked during NATO posture adjustments,” explained Weigman in the report.

According to Check Point, cyber operations have become a means of statecraft in their own right, wielded to gain leverage, project power, and exploit vulnerabilities in an interconnected world.

ADVERTISEMENT

He added: “In simple terms: when global politics heat up, so do cyberattacks.” This means that cyber ops are now central to national competition.

According to Check Point, cyber operations have become a means of statecraft in their own right, wielded to gain leverage, project power, and exploit vulnerabilities in an interconnected world.

“The stakes extend far beyond cybersecurity. They encompass national resilience, economic stability, and the credibility of US power in an increasingly contested digital order,” says the report.

“Meeting this challenge will require sustained collaboration across government, industry, and allies, and a recognition that the defense of digital infrastructure is now inseparable from the defense of the nation itself.”

Direct threat to physical infrastructure

Since it’s now a strategic competition, Check Point adds, “smash and grab” attacks are increasingly rare nowadays. Instead, the threat actors quietly sneak into networks and stay there for months or even years.

Phishing attack, hackers
Image by Cybernews

Groups like Volt Typhoon and APT41 (both linked to Chinese threat actors) break into power grids, telecommunications, and federal systems and then hide their presence, waiting for a future crisis when disruption could be more valuable.

According to Check Point, this matters because having foreign adversaries inside critical networks “reduces US decision-making freedom, gives hostile states leverage, and increases risk during geopolitical emergencies.”

Moreover, the threat actors are deliberately targeting the most essential sectors such as energy, healthcare, government, water systems, and transportation. That’s all preparation for potential future crises.

ADVERTISEMENT

For example, Volt Typhoon compromised engineering workstations and SCADA (Supervisory Control and Data Acquisition) networks inside a major utility, and groups like ALPHV/BlackCat shut down hospitals and exposed massive amounts of sensitive medical data.

The pattern is clear: attackers choose the targets that create the biggest social, political, and economic impact.

Check Point

Furthermore, ransomware halted operations at a major US port for five days, disrupting national supply chains, and water plants keep being targeted by ideologically motivated groups.

“The pattern is clear: attackers choose the targets that create the biggest social, political, and economic impact,” said CheckPoint.

What makes it even more dangerous is that attackers, once inside the systems, now more often than not choose to jump from IT networks into operational tech such as power grid controls and water treatment systems.

“This makes cyber incidents far more dangerous because they can directly affect physical infrastructure,” wrote Weigman.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT