Cyber threats facing the UK’s public sector have risen in recent years, partly due to the British government’s ongoing support for both Israel and Ukraine. The UK’s political influence and involvement in international affairs make it a target for nation-state attackers, who aim to use offensive cyber tactics to access sensitive government data, disrupt diplomatic relations, and undermine British democracy.

Our Global Cyber Risk Outlook Report 2025 highlights that public sector assets, particularly central and regional government networks, continue to be the most frequently targeted compared to all other industry sectors. Last year alone saw approximately 2,550 cyber-attacks against government systems, a 91% increase from the 1,332 reported in 2023. With this trend, it is critical that public sector organisations in the UK implement necessary security measures to defend against these cyber threats.

An insightful Global Cyber Risk Outlook Report 2025 webinar focused on the report’s findings, with James Allman-Talbot, Quorum Cyber’s Head of Incident Response and Threat Intelligence, emphasising the importance of understanding threat actors’ capabilities and their targeted organisations. “Understanding this will help us protect ourselves as a community.”

Nation-state threats to the public sector

Our Threat Intelligence (TI) team has assessed that Russia, China, and hacktivists pose a severe threat to both central and regional governments. Additionally, Iran and cybercriminals represent a substantial threat, while North Korea is considered a moderate threat to the sector.

Russia

We expect Russian cyber espionage targeting the UK government sector, aimed at assessing foreign policy, to escalate, especially since the Labour Party has committed to “outline the path to spending 2.5% of GDP on defence” in accordance with NATO guidelines.

Similarly, Russian cyber espionage against US government networks is anticipated to increase at the beginning of 2025, with Moscow gathering intelligence on the Trump administration’s plans to end the war in Ukraine.

China

Chinese cyber actors are expected to scan US government networks for vulnerabilities to gather intelligence on diplomatic relations between the US and Taiwan, as well as to collect data on the newly formed US-Japan-Philippines alliance.

Additionally, British government officials are likely to face an increased risk of Violet Typhoon spear-phishing attempts due to the country’s membership of the Inter-Parliamentary Alliance on China (IPAC). This risk is underscored by a statement from the former UK Deputy Prime Minister about a wave of cyber interference targeting senior MPs who are critical of the Chinese government.

Iran

Iranian cyber intelligence assets are expected to initiate espionage campaigns against US government networks to understand the Republican Party’s foreign policy towards Iranian sanctions and to strategize on future Israeli support. A secondary goal of these campaigns will likely include surveillance of Iranian citizens in the US, in response to the increasing presence of Iranian dissidents abroad.

Cybercriminal operations

Stealware is expected to be the primary malware payload in cybercrime operations targeting the government sector due to its ability to capture and sell government credentials that can be exploited for future breaches. To mitigate the risk of credential compromise, it is recommended that government entities conduct dark web and credential monitoring to diminish criminal opportunities.

Ransomware will also continue to pose a significant threat, as both central and regional governments store substantial amounts of sensitive data related to citizens, which can be used for financial extortion.

Russian hacktivist disruption

As our TI team tracked throughout 2024, Russian hacktivist collectives, such as NoName057, will likely continue to launch persistent distributed denial-of-service (DDoS) attacks against UK council websites to protest against the UK’s ongoing support for Ukraine.

Discover how to strengthen cyber security in the public sector today

In our short video, Quorum Cyber’s Chief Threat Officer Paul Caiazzo sums up what you need to know from our Global Cyber Risk Outlook Report, including hacktivism, geopolitics, organised cybercrime, and attack vectors.

Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Dubai, UAE Office

Meydan Grandstand
6th floor
Meydan Road
Nad Al Sheba
Dubai, U.A.E

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
