Cyber Warfare & Nation-State Threat Defence
Nation-States Are Already Inside.
Nation-states have been inside global infrastructure for years. Most organisations do not know they are already compromised. This track trains the people who find them, stop them, and build the defences that hold.
What is cyber warfare?
Cyber warfare, also called cyberwarfare, is the use of digital attacks by nation-states, intelligence services, and state-sponsored groups to disrupt, damage, or surveil a target country's computer systems, critical infrastructure, financial networks, military operations, or civilian information environment.
- 01 INCIDENTS
Examples of cyber warfare attacks
Real-world cyber warfare incidents include the 2010 Stuxnet operation against Iranian nuclear centrifuges, the 2015 and 2016 BlackEnergy and Industroyer attacks on the Ukrainian power grid, the 2017 NotPetya wiper that caused over $10 billion in global damage, the 2020 SolarWinds supply-chain compromise that breached US federal agencies, and the ongoing campaigns by APT groups attributed to Russia, China, North Korea, and Iran against energy, healthcare, and government targets worldwide.
- 02 DOCTRINE
Cybercrime versus cyber warfare
The difference is the actor and the intent. Cybercrime is conducted by criminal groups for financial gain — ransomware operators, fraud rings, identity theft. Cyber warfare is conducted by nation-states or state-sponsored proxies for strategic, political, or military objectives — espionage, infrastructure disruption, election interference, and pre-positioning access for future conflict.
- 03 ASSESSMENT
Is cyber warfare a real threat in 2026?
Yes. The UK National Cyber Security Centre (NCSC), the EU Agency for Cybersecurity (ENISA), and the US Cybersecurity and Infrastructure Security Agency (CISA) have all confirmed sustained, escalating campaigns against critical national infrastructure, healthcare, energy, water, and government networks. Mandiant's M-Trends 2024 reports a global median dwell time of 10 days for detected intrusions — but nation-state actors routinely maintain access for many months when undetected, with notable campaigns such as SolarWinds persisting nine months inside US federal networks.
- 04 PROGRAMME
Cyber warfare training worldwide
Xcademia delivers instructor-led cyber warfare training and certification programmes worldwide. Onsite delivery is available at your facility in any country, with virtual instructor-led sessions across every time zone for distributed and international teams. Courses cover APT detection, threat hunting, hybrid warfare, cognitive warfare, critical infrastructure protection, and CISO-level resilience command, aligned to NCSC CAF, NIS2, MITRE ATT&CK, NIST CSF, GovAssure, and DDaT.
The Threat Landscape, Right Now
Nation-state APT activity — live adversary intelligence with TLP classification.
Feed: AlienVault OTX pulses + curated nation-state advisories. Attribution claims are intel-attributed and may be contested by named states.
Our APT Detection course teaches your team to detect these techniques against your own environment within weeks, not months.
This Already Happened.
To Organisations Like Yours.
These are not hypothetical scenarios. Every incident below was a real organisation, real data, real consequences — many of which are still unresolved today.
These incidents caused real harm to people, organisations, and public services. We list them so defenders can learn from them — not to dramatise them.
Every technique shown here is covered in our APT Detection and Cyber Defence Operations courses — at practitioner depth.
WannaCry
48 NHS trusts crippled. 19,000 appointments cancelled. MRI scanners offline. First nation-state ransomware at scale.
NotPetya
Maersk rebuilt 45,000 PCs in 10 days. Merck lost $870M. Most destructive cyberattack in history — disguised as ransomware.
SolarWinds Orion
Supply chain backdoor hit US Treasury, DoJ, DHS, Microsoft, Intel. 9 months undetected inside US federal networks.
Colonial Pipeline
US East Coast fuel supply halted for 6 days. National emergency declared. ICS/OT networks shut down by operators out of fear.
Microsoft Exchange
Four zero-days exploited before patch release. 10+ nation-state groups piled in within 72 hours of disclosure.
Viasat KA-SAT
NATO satellite comms wiped 1 hour before Ukraine invasion. Wind turbine modems in Germany affected. First confirmed wartime cyberattack.
MOVEit Transfer
SQL injection zero-day in managed file transfer. BBC, BA, Boots, US DoE, Shell, PwC all compromised via third-party supply chain.
Change Healthcare
US healthcare payments infrastructure offline 6 weeks. 1 in 3 Americans had health data stolen. Largest healthcare breach in US history.
UK MOD Payroll
Personal data of all active and reserve UK military personnel exfiltrated from third-party contractor. Names, addresses, bank details.
Sources: NCSC · CISA · Wired · Reuters · BBC · US-CERT · Verizon DBIR 2024
Every Sector Is a Target.
Not Just Defence.
The threat is not distributed equally, but it is distributed universally. Below is the current threat posture for each major sector — with real statistics.
Government & Defence
of NATO nations experienced state-sponsored intrusions in 2024
Nation-state actors persistently target classified networks, defence contractors, and diplomatic communications infrastructure.
Healthcare
of NHS trusts reported a significant cyber incident in the past 24 months
Ransomware groups specifically target healthcare because operational pressure creates willingness to pay — and lives are at stake.
Energy & Critical OT
of critical infrastructure operators had an OT/ICS intrusion in 2023–24
ICS/SCADA systems controlling power grids, water plants, and pipelines are increasingly targeted as geopolitical leverage.
Finance & Banking
average data breach cost in financial services — highest of any sector
SWIFT-targeting APTs, credential theft, and insider threats combine with the highest regulatory cost of any industry.
Education & Research
more likely to be hit by ransomware than the average organisation
Universities hold IP, student PII, and research data. Open network culture and legacy IT make them soft targets for APT pre-positioning.
Legal & Professional
of top-100 law firms have experienced a significant breach
M&A data, litigation strategy, and client privilege make law firms extraordinarily high-value targets for nation-state economic espionage.
Telecoms
major telecoms providers compromised in the 2024 Salt Typhoon campaign alone
Nation-state actors target telecoms for persistent lawful-intercept access — the ability to monitor communications at the network level.
Supply Chain
increase in software supply chain attacks between 2020 and 2024
A single compromised vendor can be the entry point for hundreds of organisations — as SolarWinds and MOVEit demonstrated at scale.
Sources: IBM Cost of a Data Breach 2024 · Verizon DBIR 2024 · NCSC Annual Review 2024 · Gartner · CISA
We have trained defenders across every sector shown above. See the programmes that fit your sector.
Built for Those Who
Cannot Afford to Lose.
If your sector appears below, your organisation is already a named target in an active threat actor playbook. This track was designed for the people who have to deal with that.
Government & Defence
of NATO nations saw state-sponsored intrusions in 2024
Protect classified networks, sovereign data, and critical national infrastructure against persistent state-sponsored APT campaigns, hybrid warfare, and cognitive operations designed to destabilise government functions.
Healthcare & NHS
of NHS trusts reported a significant cyber incident in 24 months
Defend patient data, EHR systems, and connected medical devices. Nation-state actors and ransomware gangs both target healthcare — one for intelligence, one because operational disruption creates maximum pressure to pay.
Energy & Critical Infrastructure
of critical infrastructure operators had an OT/ICS intrusion in 2023–24
Secure industrial control systems, power grids, water treatment, and pipeline infrastructure against physical-cyber convergence attacks. ICS environments are increasingly targeted for long-dwell pre-positioning.
Finance & Banking
average data breach cost — highest of any sector globally
SWIFT-targeting APTs, credential theft, insider threats, and supply chain attacks on third-party processors. Financial services face the highest regulatory penalty exposure of any industry alongside the highest breach cost.
Legal & Professional Services
of top-100 law firms have experienced a significant breach
M&A data, litigation strategy, and client privilege make legal firms extraordinarily valuable nation-state targets for economic espionage. A breach in a law firm is often a breach of the client behind the matter.
Telecoms & Satellite
compromised in the 2024 Salt Typhoon campaign alone
Nation-state actors target telecoms infrastructure for persistent lawful-intercept access — the ability to monitor communications at the network level without the carrier knowing. Satellite comms are now primary targets.
Education & Research
more likely to be hit by ransomware than the average organisation
Universities hold cutting-edge research, student PII, and strategic IP. Kimsuky, APT10, and others specifically target academic institutions to steal pre-publication research in defence, biotech, and advanced materials.
Supply Chain & Vendors
increase in software supply chain attacks between 2020 and 2024
A single compromised supplier becomes the entry point for hundreds of downstream organisations. SolarWinds, MOVEit, and 3CX all demonstrated that attackers now prefer the trusted third-party vector over direct intrusion.
Built to the Standards
Procurement Requires.
Government and enterprise procurement teams require alignment to recognised standards. Every course in this track is mapped to the frameworks below — so you can reference them in procurement, assurance, and regulatory submissions.
The Programme
A structured set of instructor-led modules covering every domain of modern cyber warfare — from foundational doctrine to command-level resilience. Select any module to see the full briefing.
Four Ways to Train.
One Standard of Instruction.
Whether you need a single analyst trained or an enterprise-wide programme, every format is instructor-led by practitioners — not trainers reading from slides.
Onsite Instructor-Led
Delivered at your facility by a practitioner who has operated in the environments being taught. Classified-friendly delivery available for government and defence clients.
- Fully customisable scenario content
- Air-gapped / secure facility compatible
- Worldwide — any country, any facility
Virtual Instructor-Led
Live sessions with a practitioner instructor. Not pre-recorded. Real-time Q&A, scenario exercises, and breakout group work across time zones.
- Live — not e-learning
- Works across all time zones
- Secure platform, no recording by default
Enterprise Cohort
A structured multi-cohort programme aligned to your organisation's risk posture, threat model, and compliance requirements. Includes pre-engagement assessment and post-training debrief.
- Risk-posture aligned content
- Pre/post assessment included
- CPD certificates for all participants
Red Team Wargame
A facilitated cyber crisis simulation where your team defends against a real nation-state-style attack scenario. Debrief identifies gaps in your current detection, response, and communication posture.
- Simulated APT campaign against your environment
- MITRE ATT&CK mapped attack chains
- Documented gap analysis delivered post-event
Not Sure Where to Start? Let X-Ray Decide.
X-Ray diagnoses your team's current capability against nation-state threat frameworks and prescribes the exact courses in the right order with measurable outcomes.
Ready to Defend the Digital Battlefield?
Instructor-led. Minimum one full day. Available virtually and onsite. Enterprise cohorts available globally.