Last week, Denmark issued a stark warning about rising cyber espionage threats targeting Europe’s telecommunications sector—a signal that recent breaches in the US were far from isolated incidents. The Danish Civil Protection Authority (SAMSIK) released an updated cyber threat assessment, raising serious concerns about nation-state attacks aimed at telecom infrastructure across the continent.
In its report published on March 13, SAMSIK classified the espionage threat level against Denmark’s telecommunications industry as “High”—a significant escalation from the “Medium” rating in 2022. This update comes amid a growing wave of cyberattacks against European telecom companies, marking the sector as a prime target for foreign intelligence operations.
The report, authored by Denmark’s Center for Cyber Security (CFCS), didn’t stop there. It also maintained the risk of destructive cyberattacks at “Medium”—a level first set in June 2024—and raised the threat of cyber activism to “High” back in January 2023. Overall, Denmark now considers the risk of cyberattacks targeting the telecom industry as “Very High”.
According to the CFCS, telecom and internet service providers have become lucrative targets for state-sponsored hackers. The data flowing through these networks is a goldmine—allowing foreign actors to monitor communication patterns, track the movements of individuals and groups, and even plan physical sabotage or destructive cyberattacks.
The report stressed that breaching telecom infrastructure provides cybercriminals with unprecedented access. Not only does it expose private and sensitive communications, but it also allows attackers to build covert pathways into critical IT systems—laying the groundwork for future large-scale cyber offensives.
Growing State-Backed Threats from China, Russia, and Iran
The escalation in Denmark’s cyber threat assessment is largely driven by a series of sophisticated espionage attempts across Europe’s telecommunications sector over the past few years. The report named China, Russia, and Iran as the leading culprits behind these persistent campaigns.
China, in particular, continues to dominate the cyber espionage landscape. Danish authorities revealed that Chinese state-sponsored groups have leveraged telecom infrastructure to monitor the Chinese diaspora in Europe, including dissidents and minority groups like the Uighurs and Tibetans.
These surveillance campaigns often stretch beyond monitoring. Because telecom providers service massive clients—including data centers and cloud service providers—the potential data trove is vast and immensely valuable to attackers.
Meanwhile, Russia’s cyber activities appear focused on preparing the battleground for possible future attacks. According to SAMSIK, Russian hackers have been actively mapping telecom infrastructures, gathering technical intelligence, and planting backdoors—tactics designed to enable sudden, destructive strikes with little to no warning.
“The preparation of destructive attacks may consist of mapping and gathering technical knowledge about providers’ infrastructure as well as establishing backdoors in IT systems,” the report noted. “This gives state hackers a better opportunity to carry out destructive cyberattacks against their targets swiftly if their intentions shift.”
Chinese Cyber Group “Salt Typhoon” Intensifies Global Telecom Attacks
Denmark’s warning comes on the heels of high-profile cyberattacks against US telecom giants—incidents that captured international attention last year. Much of the spotlight fell on “Salt Typhoon,” a notorious Chinese advanced persistent threat (APT) group linked to these assaults.
Salt Typhoon shot into prominence after infiltrating Verizon, AT&T, and Lumen Technologies, granting the Chinese government rare access to highly sensitive data, including law enforcement wiretaps and political campaign communications for both the Republican and Democratic 2024 presidential campaigns.
Despite the uproar, Salt Typhoon continued its spree, adding more telecom victims to its growing list while also expanding its reach to research universities and other sensitive sectors.
This cyber offensive wasn’t confined to the US and Europe. Reports confirmed that Chinese nation-state hackers also targeted telecom providers in at least two Asian countries last year, demonstrating the global nature of this threat.
Denmark’s assessment serves as a powerful reminder that telecom companies sit at the heart of national security. As foreign powers ramp up their cyber espionage campaigns, the risk of a devastating attack on Europe’s communication infrastructure grows.
The CFCS emphasized that protecting this sector is not just about safeguarding data but also about preserving the integrity of services that support emergency responses, defense communications, and everyday connectivity.
With China, Russia, and Iran showing no signs of slowing their cyber activities, European nations face the pressing challenge of fortifying their telecom networks against state-backed cyber threats. How governments and industry players respond to this growing danger could define the future of cybersecurity across the continent.
