
Threats to the global network and risks to infrastructures

Digital defense and policies to ensure the integrity and resilience of critical resources

Attacks on the Internet backbone via supply chain, altered firmware, vulnerabilities and phishing on core routers: possible interception or diversion of traffic. Firmware inspections, network segmentation, supplier audits and international coordination are needed.

Available reconstructions highlight a range of methods by which operators are reported to have penetrated backbone infrastructures: supply-chain compromise, insertion of altered firmware into devices produced by third parties, exploitation of known unpatched vulnerabilities, and targeted phishing campaigns against network administrators. Some activities focus on critical devices such as core routers, aggregation switches and remote management servers: devices that, once compromised, allow granular control of routing, traffic observation and the ability to inject or modify packets on the fly. Equally significant is the use of persistence and obfuscation techniques — for example, modules that activate only under particular conditions, or that retain hidden operational capabilities for years — which makes the intrusion difficult to detect and mitigate with traditional monitoring systems. Experts also note the manipulation of BGP and other routing technologies to divert significant portions of traffic through controlled infrastructure, a strategy that can be employed both for information theft and to create targeted disruption scenarios. Furthermore, the convergence between cyberattacks and influence operations through procurement and maintenance channels amplifies the scope of the risk: these are not only "digital" intrusions but actions that exploit established economic and logistical relationships to obtain strategic access.

Geopolitical impact and effects on critical infrastructure

The geopolitical dimension of the event emerges clearly: controlling or corrupting parts of the internet backbone means having potential leverage over global communications, with impacts that can range from systematic interception of data to the ability to interrupt services in specific areas or at critical moments. For states and large companies this creates a dual problem: on one hand the technical vulnerability of the critical infrastructures that govern international data traffic, on the other the diplomatic and national-security implications linked to the presence of hostile or strategically adversarial actors in supply chains. The news has already prompted alerts and in-depth audits by service providers, regulatory authorities and competent ministries; at the same time it has fueled debates on how to balance global technological interdependence with the need for resilience and sovereign control over vital infrastructures. International policy experts note that incidents of this nature can accelerate technological fragmentation and push toward more nationalist approaches in the management of networks and public procurement, with possible repercussions on the digital economy and international cooperation. Alongside this, concerns emerge about possible escalation: if essential networks and services were targeted in a context of geopolitical tension, the effects could spill beyond the cyber realm and directly impact military operations, healthcare, finance and logistics.

Recommended countermeasures and international responsibilities

Faced with such a complex scenario, the required response is as much technical as it is political and regulatory. Operationally, specialists recommend concrete measures such as rigorous firmware inspection, network segmentation, strengthening of credential and privileged-access management practices, implementation of advanced behavioral detection systems and rapid remediation of known vulnerabilities. Transparency in the supply chain is also fundamental, with independent audits and certifications that can reduce the risk of compromised equipment being introduced into critical networks. At the institutional level, tighter international coordination involving intelligence agencies, regulatory authorities, cybersecurity bodies and the private sector is desirable, to define shared standards and emergency procedures for detection and response. There is also a need for diplomatic tools to address state responsibility, including punitive measures and deterrence mechanisms, without losing sight of the risk that a race to technological decoupling could impoverish the global commercial and scientific fabric. Underlying all of this is the importance of investing in technical training, research and resilience: building more robust networks means not only updating technologies and hardware, but also promoting a culture of security that involves decision-makers, technical operators and citizens, because the stability of the digital ecosystem is today an integral part of collective security and the freedom of information.
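One detection measure for the BGP traffic diversion mentioned earlier is route origin validation, shown here as an added example that is not part of the original article. It follows the RFC 6811 valid / invalid / not-found logic; the ROA table, prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed ROA-style table using documentation prefixes and
# documentation/private-use ASNs: (prefix, max prefix length, origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]

# Constructed announcements: (prefix, AS path). The origin is the last AS.
UPDATES = [
    ("192.0.2.0/24", [64510, 64500]),      # expected origin
    ("192.0.2.0/24", [64510, 64666]),      # unexpected origin AS
    ("203.0.113.128/25", [64511, 64501]),  # more specific than the ROA allows
    ("2001:db8:1::/48", [64512, 64502]),   # within maxLength
    ("198.51.100.0/24", [64513, 64503]),   # no covering ROA
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so check version first.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin_as == roa_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: treat as suspicious.
    return "invalid" if covered else "not-found"

def flag_suspicious(updates, roas=ROAS):
    """Return (prefix, origin AS) for every announcement that is 'invalid'."""
    alerts = []
    for prefix, as_path in updates:
        origin = as_path[-1]
        if validate_origin(prefix, origin, roas) == "invalid":
            alerts.append((prefix, origin))
    return alerts

if __name__ == "__main__":
    for prefix, origin in flag_suspicious(UPDATES):
        print(f"ALERT: {prefix} announced by AS{origin} fails origin validation")
```

Origin validation checks only the originating AS and prefix length, so it complements AS-path monitoring rather than replacing it.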


08/29/2025 19:39

Marco Verro
