By Ashwani Mishra, Editor-Technology, 63SATS
In 2025, a quiet war is being waged across the world—one fought not with tanks and missiles but with lines of malicious code.
Unlike conventional wars, this battle has no clear borders, no single enemy, and no defined battleground. Cybercrime has evolved beyond mere digital theft; it has become a national security threat, blurring the lines between financial crime, state-sponsored espionage, and warfare.
A recent report by Google’s Threat Intelligence Group sheds light on the staggering scale of this hidden conflict. It details how cybercriminals are no longer just independent actors seeking profit but are now being co-opted by nation-states to conduct espionage, destabilize economies, and even support military operations. This is not just a story of hackers and stolen data—it’s a story of how cybercrime is shaping global politics and security.
When Cybercrime Turns Deadly: The Cost of Digital Warfare
On a cold winter night in 2023, an American hospital’s digital systems suddenly locked up. Doctors couldn’t access patient records, machines failed to process lab results, and ambulances were diverted to other hospitals. This was no technical glitch—it was a ransomware attack. The cybercriminals behind it demanded millions in cryptocurrency, threatening to permanently delete all patient data.
Such incidents are no longer rare. According to the Google report, the number of ransomware attacks targeting healthcare has doubled in the past three years. The consequences are not just financial; lives are at stake. A study from the University of Minnesota found that during ransomware attacks, hospital mortality rates increased by up to 41%.
Cybercriminals, once content with targeting businesses for financial gain, now see healthcare as an easy target. Some of these criminals are even working on behalf of nation-states, using their hacking skills not just for profit but to create chaos in rival countries. The report details how groups linked to Russia, China, Iran, and North Korea have increasingly used cybercrime tactics to advance their political and military objectives.
State-Sponsored Crime: When Governments Hire Hackers
Perhaps the most alarming revelation from the Google Threat Intelligence Group’s study is how governments are exploiting cybercriminal networks. Instead of building their own cyber capabilities from scratch, nation-states now purchase hacking tools from criminal groups or even directly employ cybercriminals to carry out attacks.
Take Russia, for example. The report highlights how GRU-linked APT44 (also known as Sandworm), a notorious Russian military intelligence group, has used ransomware tools originally developed by criminal hackers to disrupt Ukrainian infrastructure. Similarly, North Korea’s cybercriminal groups have stolen billions of dollars in cryptocurrency to fund the country’s weapons program.
This blending of cybercrime and state-sponsored hacking creates a dangerous scenario. Governments can deny responsibility for attacks while reaping the benefits of stolen data, financial disruptions, and espionage. The Google report reveals that Iran has also used ransomware both to raise funds and as a cover for intelligence-gathering activities. Even China, historically focused on cyber espionage, has started deploying cybercrime tactics like ransomware to obscure its operations.
The Colonial Pipeline Attack: A Warning for the Future
One of the most infamous cyberattacks in recent years was the Colonial Pipeline ransomware attack in 2021. The attack forced the company to shut down its fuel pipeline, causing panic-buying of gasoline across the United States. The hackers, linked to the Russian-speaking DarkSide ransomware group, were financially motivated. However, the Google report warns that a similar attack today could be used as a political weapon.
Imagine a cybercriminal group, secretly working with a hostile government, launching an attack like this during an international crisis or war. The disruption could cripple supply chains, cause economic panic, and even change the outcome of military operations.
According to the report, Costa Rica experienced this first-hand in 2022. A ransomware attack by the CONTI group was so severe that the government declared a national emergency—the first time in history a country had to take such a step due to a cyberattack. The attack crippled government medical, tax, and customs systems, showing how cybercrime could be weaponized to bring a country to its knees.
Data Leaks: A Goldmine for Espionage
Cybercriminals are not just stealing money—they’re stealing data. And that data is becoming a weapon in global conflicts. The report highlights how criminal groups leak sensitive corporate and government data online, making it accessible not only to other criminals but also to foreign intelligence agencies.
For example, in 2024, a Chinese espionage group disguised their activities as a ransomware attack, encrypting corporate files but not demanding a ransom. Instead, they silently stole intellectual property, giving Chinese companies a competitive advantage in the global market.
Similarly, the Google report notes that Russian intelligence services have leveraged cybercriminal networks to steal classified information from European governments. By using existing ransomware tools and data leak sites, they avoid direct attribution while still gaining valuable intelligence.
The Cybercrime Economy
One of the biggest challenges in fighting cybercrime is its decentralized nature. Unlike traditional criminal organizations, cybercriminals operate across borders, collaborating through online forums and encrypted messaging platforms.
The Google report explains how ransomware groups have evolved into highly organized businesses, complete with customer support, affiliates, and even “help desks” to assist victims with ransom payments. Some ransomware groups even offer “money-back guarantees” if the victim’s files are not properly decrypted after payment.
These groups also operate under a Ransomware-as-a-Service (RaaS) model, where criminal developers sell ransomware to affiliates who then carry out attacks. This allows even low-skilled hackers to launch devastating cyberattacks, further fueling the cybercrime ecosystem.
The Way Forward: Collaborative Approach
The Google Threat Intelligence Group’s report makes it clear: tackling cybercrime requires a global, coordinated response.
Unlike traditional warfare, where battles are fought between national armies, the war against cybercrime must be fought by governments, private companies, and law enforcement agencies working together.
The report outlines several key recommendations:
- Recognizing cybercrime as a national security threat – Governments must allocate more resources to tracking and dismantling cybercriminal networks.
- Strengthening cybersecurity defenses – Critical infrastructure, including hospitals and power grids, must be hardened against cyberattacks.
- International cooperation – Countries must work together to track, arrest, and prosecute cybercriminals, even when they operate in jurisdictions that provide them safe havens.
- Disrupting the cybercrime economy – Cutting off financial networks, including cryptocurrency laundering services, can weaken cybercriminal organizations.
- Public-private partnerships – Tech companies and governments must share intelligence and work together to improve cybersecurity.
A War Without Borders
Cybercrime is no longer just an issue of stolen credit card numbers or hacked email accounts. It is a global security threat that affects every industry, every government, and every individual. The Google Threat Intelligence Group’s report warns that unless decisive action is taken, the line between cybercrime and state-sponsored cyber warfare will continue to blur.
This is not just a fight for cybersecurity experts and law enforcement—it’s a fight that affects all of us. Whether it’s a ransomware attack on a hospital, a cyber assault on a nation’s power grid, or stolen data fuelling foreign espionage, the battle against cybercrime is one we cannot afford to lose.
