Connect with us

Hi, what are you looking for?


Malware & Threats

Submarine Cables at Risk of Nation-State Sabotage, Spying: Report

Recorded Future underlines threats to submarine telecommunication cables, such as the risk of intentional sabotage and spying by nation-state threat actors.

Submarine cables, the backbone of the global economy and telecommunications, are operating in an increasingly risky environment and are prone to geopolitical, physical, and cyber threats, including nation-state sabotage and spying, intelligence company Recorded Future says.

Fiber-optic submarine cables on the ocean floor transmit an estimated 99% of all intercontinental internet traffic and communications, including roughly $10 trillion of financial transactions daily and sensitive government and military communication, making them attractive targets for intelligence collection and sabotage.

The number of undersea cables has doubled over the past decade, reaching an estimated 529 cable systems in operation today, and their capacity is likely to increase, to meet the growing number of users and devices requiring internet connectivity.

When it comes to risks these cables are exposed to, intentional attacks are the most damaging, compared to accidental damage from ship anchors or fishing vessels.

In terms of intentional sabotage and spying, state-sponsored groups should be regarded as the greatest threat to submarine cables, especially with an increasing number of Chinese-owned companies operating cables, and with Russia interested in mapping the submarine cable system, very “likely for potential sabotage or disruption”, Recorded Future’s report (PDF) points out.

“Major geopolitical developments, specifically Russia’s war against Ukraine, China’s increasing coercive actions toward, and preparations for, a potential forceful unification with Taiwan, as well as the deepening rift between Beijing and Washington, will very likely be key drivers of the near-term risk environment,” Recorded Future notes.

According to the company, the main threat from China comes in the form of its ability to control digital flows, given its more prominent role as an owner/operator in the industry, which allows it to dictate the location of new cables, “creating new opportunities for intelligence collection through the landing stations it controls”.

Advertisement. Scroll to continue reading.

Russia, on the other hand, represents a threat to the physical security of submarine cables, especially those in the North Sea region. Cutting a submarine cable would lead to disruptions and, if the damage is dealt in deepwater, the impact would be greater, as it would take longer to repair. State-sponsored threat actors, Recorded Future notes, have the resources required to identify and sever a cable in deep water.

“While much less frequent, intentional damage or sabotage represents a unique threat vector, since the timing of an attack and target can disproportionately affect the countries and companies that rely on that cable system,” Recorded Future points out.

Another important issue, the company notes, is the increasing role that hyperscalers such as Amazon, Google, Meta, and Microsoft are taking in the development and ownership of the global cable network, which raises concerns over market monopolies and digital sovereignty.

Located at shore and designed to connect the submarine cable with terrestrial networks, landing stations also represent an attractive target for intelligence collection, as they may lack heightened security protections, are easier to access than deep underwater cables, and house network management equipment and power feeds.

“It is likely that only a select few countries are capable of tapping into submarine cables in deepwater locations, where their activities are less likely to be detected. Landing stations therefore present a more readily accessible option. [They] can serve as intelligence collection points by their owners, on behalf of their country or for the benefit of a foreign government, through the insertion of monitoring equipment or backdoor software,” Recorded Future notes.

The use of remote network management systems for the monitoring and control of infrastructure may also represent a weak point that state-sponsored adversaries, ransomware groups, and other threat actors are likely to exploit.

“State actors seeking an espionage edge will almost certainly target the entire submarine cable ecosystem for intelligence collection: landing station infrastructure, the submarine cables themselves, third-party providers, and the hardware and software that knits it all together. Separately, Russia will almost certainly increase its overt and covert mapping of submarine cables, and likely engage in targeted sabotage on land and underwater,” Recorded Future states.  

Related: Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment

Related: UK Warns of Russian Hackers Targeting Critical Infrastructure

Related: Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.