In 2013, cyber security firm Mandiant released a report that would reshape the global security narrative.
It detailed the activities of a Chinese CyberOps military unit known as APT1 (Advanced Persistent Threat 1), which had allegedly conducted prolonged and widespread cyber espionage against commercial and government targets across multiple continents.
The 60-page document did more than name names; it publicly connected the dots between state-backed cyber activity and national strategic objectives.
It was a turning point. The conversation shifted from hypothetical cyber threats to an undeniable reality: cyber warfare was no longer theory. It was a tactic, a policy tool, and became for some nations, a cornerstone of modern military doctrine.
Over a decade later, that reality has only deepened.
Cyber operations have become a standard component of national defence strategies worldwide.
From ransomware-as-a-service groups with loose state affiliations to military-grade espionage campaigns, the digital domain is now as contested as land, sea, air, and space.
The lines between criminal and geopolitical have become increasingly blurred. Consider the NotPetya attack in 2017, widely attributed to Russian actors, which crippled global businesses under the guise of ransomware but functioned more like a destructive wiper.
Or the May 2020 SolarWinds campaign, which silently infiltrated US government networks under the radar of traditional defences. These are not isolated acts of vandalism. They are acts of strategy.
Behind many of these operations lies a structured, well-funded, and deeply embedded ecosystem of national interest. Military cyber units, intelligence services, and contracted third parties all play roles in a theatre of operations that is largely invisible to the public but keenly understood by those in the field.
One of the most important—yet least visible—alliances shaping this landscape is the Five Eyes.
Formed initially for signals intelligence sharing between the United States, United Kingdom, Canada, Australia, and New Zealand, the alliance has evolved into a critical axis for cyber threat intelligence, joint operations, and digital infrastructure protection.
New Zealand’s participation in the Five Eyes often flies under the radar. But its role is more than symbolic. As part of this alliance, NZ is both a contributor and a beneficiary of collective intelligence and cyber defence strategy. In the context of APT tracking, global incident response, and even the shaping of attribution narratives, NZ is in the room where it happens.
This presents both strength and risk.
Alignment with larger powers places New Zealand on the map of geopolitical adversaries who view the alliance as a threat. At the same time, it elevates NZ’s access to intelligence, capability development, and resilience resources far beyond what it could maintain alone.
But cyber warfare is not the sole province of nation-states. Increasingly, we see the democratisation of offensive cyber capabilities. Tools once limited to elite intelligence services are now open-source or commercially available. This proliferation creates new dynamics—smaller states, proxy actors, and even private groups are capable of disrupting critical infrastructure or exfiltrating sensitive data.
In response, military organisations are evolving. Recruitment efforts have expanded dramatically. In the United States, the Department of Defense has created dedicated cyber commands across all military branches. Cadet programmes, scholarships, and early-talent pipelines are aggressively targeting young, capable technologists. In the UK, initiatives like the National Cyber Force blend military, intelligence, and private-sector capabilities into an integrated posture.
And it’s not just about defending networks. Offensive capability is increasingly part of the doctrine. Deterrence now includes the credible threat of reciprocal digital disruption.
Attribution is a strategic tool.
Messaging matters.
For organisations in the private sector, particularly those in critical infrastructure or working with sensitive data, the implications are sobering. You may not consider yourself a target—but if your systems intersect with those of governments, suppliers, or multinational ecosystems, you are part of the battlefield.
This doesn’t mean panic. It means posture. Situational awareness.
And a recognition that geopolitical risk is no longer something you read about in the news. It’s embedded in the threat model of every modern enterprise.
Your cybersecurity strategy must now consider:
- How do you monitor for threat actor behaviour consistent with APT-level sophistication?
- Are your staff trained to recognise indirect probes or initial access attempts?
- Do you have clear, actionable incident response protocols for suspected nation-state engagement?
- Are you integrated into any sector-specific threat intelligence sharing networks?
The stakes are rising, not falling. And the battlefield is no longer defined by borders.
Cyberwarfare is not an emerging threat. It is an ongoing reality. We are already in it. Some nations have formal doctrines. Others operate in plausible deniability. But the campaigns are underway.
There will be no formal declaration of war in this domain. Only signals. Breaches. Leaks. And silence where once there was trust.
We are at war. And have been for some time.
CyberForensics helps organisations align their cyber defence posture with the realities of modern threat landscapes—including targeted, state-sponsored operations.
Contact us to review your risk exposure and resilience strategy.