Denmark Warns of Escalating Nation-State Cyber Espionage Against European Telecom Sector

Denmark has issued a heightened warning about nation-state espionage targeting Europe's telecommunications industry, reinforcing concerns that last year's high-profile attacks on U.S. telecom firms were not isolated incidents.

Denmark Raises Cyber Espionage Threat Level

On March 13, the Danish Civil Protection Authority (SAMSIK) released an updated cyber threat assessment for the nation's telecom sector. The report, its first since 2022, elevated the threat level for cyber espionage to "High", citing an increasing wave of cyberattacks against European telecommunications providers.

The report was prepared by Denmark's Center for Cyber Security (CFCS), which had previously raised the threat level for destructive cyberattacks to "Medium" in June 2024 and cyber activism to "High" in January 2023. Overall, the risk of cyberattacks on the telecom industry was deemed "Very High."

Telecoms: A Prime Target for Nation-State Espionage

According to CFCS, state-sponsored cyber actors view telecom providers as prime espionage targets, as their networks store vast amounts of sensitive communication and location data. This intelligence can be leveraged for surveillance, intelligence gathering, and even preparing for destructive cyberattacks.

"Foreign states consistently use cyber operations to conduct espionage within the telecommunications sector worldwide," the report noted. Historically, state-sponsored espionage focused on Asian and Middle Eastern telecom providers, but in recent years, European telecom companies have become key targets.

China, Russia, and Iran Identified as Key Threat Actors

The report specifically pointed to China, Russia, and Iran as nations actively engaging in cyber espionage operations targeting telecommunications infrastructure.

???? China's cyber activities are believed to be largely focused on monitoring the Chinese diaspora, dissidents, and minority groups such as Uighurs and Tibetans. The country has also been implicated in targeting telecom firms that provide services to cloud providers and data centers, further increasing their strategic value.

???? Russia's cyber espionage efforts, according to SAMSIK, appear to be aimed at preparing for future destructive cyberattacks. This includes mapping telecom infrastructure, gathering technical data, and planting backdoors in IT systems—tactics that could enable rapid cyber sabotage with little or no warning.

Recent History of Telecom-Focused Cyber Espionage

China’s aggressive cyber espionage campaigns have drawn heightened scrutiny, particularly following the emergence of the APT group "Salt Typhoon".

Salt Typhoon made headlines in late 2023 when it was discovered that the group had breached multiple U.S. telecom giants, including Verizon, AT&T, and Lumen Technologies. The attacks reportedly allowed Chinese operatives to access U.S. law enforcement wiretaps and private communications tied to both the Republican and Democratic 2024 presidential campaigns.

Despite global condemnation, Salt Typhoon has continued targeting telecom companies, expanding its focus to include research universities and telecom providers in multiple Asian nations.

Cyber Espionage Threats Show No Signs of Slowing

Denmark’s latest warning underscores a growing reality: state-sponsored cyber threats against critical infrastructure, particularly telecommunications, are escalating worldwide. As China, Russia, and Iran continue to refine their cyber capabilities, European and global telecom providers must reinforce their cybersecurity measures to protect against espionage, sabotage, and other malicious activities.