Active Threat Categories
Nation-State Persistent Access Operations
Multiple governments maintain long-term unauthorized access to foreign critical infrastructure — power grids, water systems, telecommunications — not necessarily to use immediately, but as strategic leverage. Security researchers and government agencies have publicly confirmed this activity from numerous actors including Russia, China, Iran, and North Korea. The goal is often to pre-position for future crises rather than to cause immediate disruption.
Bulk Signals Intelligence (SIGINT) Collection
Programs like those revealed in the Snowden documents demonstrated that major intelligence agencies routinely collect metadata — who called whom, when, for how long — on enormous populations. Modern programs have evolved beyond that. Traffic analysis at the backbone level, combined with AI pattern recognition, allows identification of behavior patterns even in encrypted communications without ever decrypting them.
Supply Chain Compromise
Rather than attacking targets directly, sophisticated actors compromise the software or hardware supply chain — inserting malicious code into widely used software libraries, firmware updates, or physical hardware components before they reach end users. The SolarWinds incident (2020) compromised approximately 18,000 organizations through a single software update. Hardware supply chain attacks are harder to detect and can be nearly impossible to remediate.
Commercial Spyware Markets
A significant industry has emerged selling powerful surveillance tools — capable of fully compromising smartphones and computers — to governments worldwide, including those with poor human rights records. Tools like NSO Group's Pegasus spyware have been documented targeting journalists, dissidents, lawyers, and opposition politicians in dozens of countries. The commercial nature of this market means these capabilities are spreading rapidly.
Ransomware as a Geopolitical Tool
Criminal ransomware operations — which encrypt victims' systems and demand payment — have evolved from opportunistic crime into something closer to geopolitical weapons. Some groups operate with implicit protection from nation-states in exchange for avoiding attacks on domestic targets. Hospital systems, pipelines, and government agencies have all been hit with consequences affecting public safety. The line between criminal and state-sponsored activity is often deliberately blurred.
Internet of Things (IoT) Mass Compromise
Consumer IoT devices — routers, cameras, smart home devices, industrial sensors — typically have minimal security, infrequent firmware updates, and default credentials that users never change. Large-scale compromises of these devices have been used to launch massive denial-of-service attacks. They also represent persistent footholds in home and business networks that are extremely difficult to detect or remediate once established.
Disinformation Infrastructure
Coordinated state and non-state actors operate networks of fake accounts, automated bots, and coordinated "influence operations" to manipulate public discourse on social media platforms. These operations don't just spread false information — they artificially amplify certain viewpoints, manufacture apparent consensus, and suppress legitimate voices. AI tools have dramatically lowered the cost and increased the sophistication of these campaigns.
Biometric Data Harvesting
Facial recognition databases built from social media profiles, government IDs, and commercial cameras are increasingly accurate and widely deployed. Your face, gait, voice, and typing patterns are increasingly treated as unique identifiers — ones you cannot change if compromised. Several governments have acquired or built facial recognition systems capable of identifying individuals in real time across entire cities.
AI-Powered Phishing & Social Engineering
Highly personalized phishing attacks used to require significant human research on each target. AI tools can now scrape publicly available information and generate personalized, convincing lures at scale. Voice cloning allows impersonation of family members or employers. The mass-production of individually tailored deception represents a qualitative shift in the threat landscape for ordinary users.
Understanding Your Threat Model
Not everyone faces the same threats. A human rights activist in an authoritarian country faces very different risks than a small business owner in a democratic one. Understanding your own threat model helps you prioritize defenses appropriately.
The Average Person
For most people, the primary threats are criminal rather than governmental: phishing attacks, credential theft, ransomware, and financial fraud. These threats are high-volume and opportunistic — attackers are looking for easy targets, not specifically you. Strong basic hygiene (unique passwords, two-factor authentication, software updates) addresses the vast majority of your actual risk.
People in High-Risk Categories
Journalists, activists, lawyers, political figures, researchers studying sensitive topics, and anyone in or adjacent to government or defense work face significantly elevated risks from sophisticated actors. If you're in this category, basic hygiene is necessary but not sufficient — you likely need specialized guidance beyond what a general awareness site can provide.
The Infrastructure Question
Even if you're not personally targeted, you may be affected by attacks on infrastructure you depend on. The power grid, water system, financial networks, and communications infrastructure that modern life depends on are all increasingly networked and therefore increasingly vulnerable. Community awareness about these dependencies is part of resilience.