In partnership with
Want to get the most out of ChatGPT?
ChatGPT is a superpower if you know how to use it correctly.
Discover how HubSpot's guide to AI can elevate both your productivity and creativity to get more things done.
Learn to automate tasks, enhance decision-making, and foster innovation with the power of AI.
Bottom Line Up Front
Cyberattacks have become the new artillery of geopolitical conflict, targeting infrastructure, telecoms, and transportation systems to destabilize adversaries without kinetic force.
Confirmed state and proxy operations—including Ukraine-linked disruptions of Aeroflot and Chinese espionage against U.S. telecoms—prove cyberspace is a strategic front.
The financial cost is staggering, with global cybercrime projected to reach $10.5 trillion annually by 2025, and average breach costs hitting $4.88 million.
Governments are reacting, with U.S. and EU investments in zero-trust security, incident response teams, and joint cyber defense initiatives, but defense remains fragmented.
The vast majority of critical systems are privately owned, making digital hygiene, threat intelligence, and AI-resistant cyber literacy essential for both institutions and civilians.
Hey everyone—
Welcome to The Under Report, your weekly intelligence brief about the stories that move the world without making headlines.
I started this weekly newsletter to make geopolitics clear and accessible to everyone. We can understand the world without bombastic headlines, partisan moralization, or fear mongering. I'm so glad to have you all along for the ride and I can't wait to grow more.
Share The Under Report if you know someone who would appreciate a weekly intel update. Also, make sure to check out our sponsors to keep the Under Report rolling.
— Eric
P.S.
This piece is going to make you want to get your cyber security on point… here’s a good primer.
In the 2020s cyber weapons have emerged as the new artillery. Instead of taking strategic high ground it's about rendering critical networks unusable. They move through fiber-optic cables and stolen credentials, skipping borders and crashing systems before their victims even know they’ve been hit.
According to Check Point Software, a global cyber security company, major organizations worldwide experienced an average of 1,925 cyberattacks per week in the first quarter of 2025. This is a staggering 47 percent increase from the year before. Unfortunately this is a strategic shift in the way conflicts are fought, money is stolen, and power is exercised.
Cybercrime is now the fastest-growing criminal enterprise on Earth. By next year, it’s expected to cost the world $10.5 trillion annually, according to Cybersecurity Ventures. To put that in perspective, if cybercrime were a country, it would have the world’s third-largest economy, behind only the United States and China.
The price tag for victims is rising fast. IBM’s 2024 report on data breaches found the average cost of a breach has hit $4.88 million, the highest ever recorded. Ultimately this becomes business interruption, legal fees, lost customers, and destroyed reputations. But recent weeks have shown us that the front line of war can be in cyberspace as well.
In July pro-Ukraine hacktivist groups Silent Crow and the Belarusian Cyber‑Partisans claimed responsibility for a cyberattack on Aeroflot, Russia’s state-owned airline. According to reports, the attackers infiltrated Aeroflot’s networks over the course of a year, then destroyed some 7,000 servers, seized employee and passenger data, and prompted the cancellation of over 100 flights, particularly at Moscow’s Sheremetyevo Airport during a holiday peak. Russian authorities confirmed the breach and launched a criminal investigation, while lawmakers described it as a “wake‑up call” to Russia's vulnerabilities in digital defense.
Meanwhile, the Chinese-linked group Salt Typhoon conducted prolonged espionage campaigns against U.S. critical infrastructure and telecommunications systems. In a major incident traced back to mid‑2024, hackers broke into networks of multiple U.S. telecom providers, accessed metadata on millions of calls and messages, and even infiltrated wiretapping systems. This campaign lasted up to a year before detection and has been attributed by agencies such as Microsoft, the FBI, and U.S. Intelligence to groups aligned with China’s Ministry of State Security.
So why are cyberattacks launched? Motivations vary, but most fall into four broad categories. First is simple financial gain. Criminal groups, often operating with tacit state support, deploy ransomware or business email compromise scams to extract cash. Second is espionage. State-backed hackers exfiltrate confidential data, intellectual property, or military plans. Third is sabotage. This has been seen clearly in Ukraine, where Russian hackers have knocked out power grids and telecom systems ahead of military offensives. Fourth and increasingly common is perception warfare: leaking embarrassing emails, defacing websites, or deepfaking voices to shape public opinion.
Economically the cyber realm can't be beat for high impact and low cost. Unlike kinetic attacks cyberattacks can be launched without immediate attribution. Generally if someone drops a bomb on you, you know who did it. Not so with cyberwarfare since it can travel globally at the speed of light. And because they often fall below the threshold of conventional war, they don’t provoke traditional responses. A missile strike may trigger retaliation. A ransomware infection might just earn you a shrug and a backup plan.
But the impacts are far from minor. Critical infrastructure like telecoms, water treatment plants and the electrical grid are all vulnerable targets. But individuals are equally vulnerable. In 2024 alone, more than 5,200 victims were posted to ransomware leak sites, a 15 percent increase over the previous year. The average ransom demand exceeded $2.7 million. Even when people or companies refuse to pay, the threat of reputation destruction or business shutdown is often enough to force their hand.
Governments are beginning to respond, but the pace of change is slow compared to the speed of attack.
In the United States, the Biden administration has requested $3 billion for the Cybersecurity and Infrastructure Security Agency (CISA) in its FY2025 budget. That money will support zero-trust architecture rollouts, red-team drills, and rapid-response coordination with private industry. Meanwhile, the Department of Defense has been refining its Joint Cyber Warfighting Architecture to ensure interoperability across the military and intelligence community.
Across the Atlantic, the European Union has rolled out the NIS2 Directive, a sweeping update that expands mandatory cybersecurity practices and reporting obligations to 18 critical sectors, including energy, telecommunications, and even the postal service. Member states had until October 2024 to implement the rules or face penalties.
On a multilateral level, the Counter-Ransomware Initiative, now composed of over 50 countries, is attempting to build a shared blacklist of crypto wallet addresses used by known criminal gangs. NATO, for its part, released the Tallinn Manual 3.0, offering legal guidelines for when cyberattacks may trigger collective defense under Article 5. (Essentially, this gives the criteria for when a cyber attack can be responded to with bombs).
Still, there is a fundamental challenge: around 85 percent of critical infrastructure in most advanced economies is owned and operated by private companies. That means the front lines of cyber warfare are not manned by soldiers but by system administrators, software engineers, and HR departments trying to fend off phishing scams. Since there is reputation risk in admitting a cyber attack they are often undetected until the damage has been done.
So what can be done?
For citizens and businesses alike, the best defense is layered, relentless hygiene. Multi-factor authentication (MFA) must become universal. Microsoft notes that 99 percent of identity-based attacks it tracks could be prevented with MFA. Critical systems must be patched within days, not months. Backups should be kept offline and tested regularly. Training employees to recognize AI-generated phishing emails and deepfakes is now as important as installing antivirus software. And both individuals and organizations should know what software they depend on, a practice formalized as the “SBOM,” or Software Bill of Materials.
Finally, cyber-awareness should become as embedded in public life as seatbelts or smoke alarms. It’s not glamorous, but it’s essential. Government alert feeds like CISA’s Shields Up program in the U.S. or the EU’s CSIRTs offer real-time vulnerability alerts and threat indicators for free. The tools are available. The question is whether we’ll use them.
Cyber conflict isn’t going away. While bombs may still make headlines, it’s the backdoors, botnets, and breached credentials that will quietly shape the wars and economies of the future.
About Eric
Eric Czuleger is a journalist and travel writer who has lived and worked in over 47 countries. He holds a masters degree from the University of Oxford and he is completing a National Security degree from the RAND school of public policy. He's the author of You Are Not Here: Travels Through Countries That Don’t Exist, and host of the “The Under Report” TikTok channel.
Liked today’s brief? Dive deeper—check out my book You Are Not Here: Travels Through Countries That Don't Exist and explore the world’s unrecognized countries.
What Smart Investors Read Before the Bell Rings
Clickbait headlines won’t grow your portfolio. That’s why over 1M investors — including Wall Street insiders — start their day with The Daily Upside. Founded by investment bankers and journalists, it cuts through the noise with clear insights on business, markets, and the economy. Stop guessing and get smarter every morning.