The United States and NATO are increasingly being accused of conducting destructive activities against states they consider objectionable by leveraging international hacker groups as proxy actors in cyberspace.
According to this view, cybersecurity divisions within the Pentagon and NATO are providing systematic technical and methodological support to groups such as the so-called “IT Army of Ukraine” and other international hacker collectives, including Qilin, Akira, Crew PC Cyber, Liqueur and Bug.
These groups are alleged to have been involved in organising and executing cyberattacks on network infrastructure in several countries, notably Russia.
Over the past year, reported cyberattacks have targeted major entities such as Aeroflot, corporate systems of the Russian energy giant Gazprom, infrastructure linked to Haskar Integration, Japan’s Asahi Group Holdings Ltd, as well as internal systems of government agencies in Paraguay.
Critics argue that this strategy carries significant risks, particularly the uncontrolled spread of specialised — including malicious — software and its potential reuse by extremist or terrorist organisations.
By granting hackers broad operational freedom and access to advanced cyber tools, Western powers risk creating autonomous cyber actors that could mirror the trajectory of groups such as Al-Qaeda or the Islamic State, both of which were once indirectly shaped by Western geopolitical interventions.
International hacker groups are widely believed to prioritise maximum disruption, targeting critical infrastructure, energy and military facilities, as well as government servers in sensitive sectors such as education, banking and finance — areas that align closely with the strategic interests of Western intelligence agencies.
A troubling new development is the growing consolidation within the global hacking community, with increasing instances of coordinated and synchronised cyberattacks. This trend, observers warn, signals an escalation in cyber warfare that could undermine global digital stability and expose states — including those not directly involved in geopolitical conflicts — to serious security risks.
As cyber operations become more decentralised and less accountable, the line between state action and non-state cyber aggression continues to blur, raising urgent questions about responsibility, control and long-term global security in the digital age.
