CRITICAL INFRASTRUCTUREThe Invisible Siege: Securing the Indo-Pacific’s Telecom Backbone
Telecommunications once seemed like the passive layer of critical infrastructure—pipes and switches that connected everything yet rarely drew attention. That perception ended long ago. The stability of countries will depend on whether they can keep the lights on and the lines open when pressure comes.
Telecommunications once seemed like the passive layer of critical infrastructure—pipes and switches that connected everything yet rarely drew attention. That perception ended long ago, particularly with the transition to 5G ecosystems.
Nokia’s 2025 Threat Intelligence Report, issued on 8 October, shows how telecom networks have become targets themselves, recasting them as active domains of strategic competition and control. Stealth attacks within operator environments have risen sharply, traffic from distributed denial-of-service attacks has doubled in three years, and encryption has expanded so rapidly that many carriers can no longer inspect or defend at the pace they carry data. Connectivity itself is now contested space.
The scale of activity is staggering. One in four malware detections last year came from telecom networks. Attackers are exploiting connected devices—smart meters, cameras and industrial sensors—to create dispersed, hard-to-attribute botnets that can be switched on and off at will. The same networks that bind the region together are also providing the infrastructure for coercion.
Nokia’s analysis arrives alongside Microsoft’s Digital Defence Report 2025 and the latest threat assessment from the Australian Signals Directorate, both of which paint a consistent picture of scale, speed and strain. Each looks at a different layer—Microsoft at users and identity, ASD at national exposure, Nokia at the network—but their findings align. All three organizations report steep rises in AI-enabled operations, identity compromise and attacks on essential services. Microsoft ranks Australia among the world’s most targeted nations, with extortion and ransomware still dominant. ASD warns of the same convergence as state actors and criminals exploit shared weaknesses across cloud, identity and infrastructure.
More troubling than the numbers is intent. Nokia’s threat hunters see attacks designed not to disrupt, but to persist. That evolution builds on what CrowdStrike identified earlier this year as the rise of ‘enterprising adversaries’ using AI to scale and disguise their operations. Malicious actors embed themselves inside routers and network-management systems, using legitimate credentials to avoid detection. Some maintain access for months, quietly mapping and harvesting data from essential systems.
Together, these reports underline the value of sector-specific threat intelligence. No single vantage point captures the full picture, but together they show an ecosystem under coordinated stress: identity exploited at the edge, persistence in the network and coercion through the infrastructure itself.
