Telecommunications once seemed like the passive layer of critical infrastructure—pipes and switches that connected everything yet rarely drew attention. That perception ended long ago, particularly with the transition to 5G ecosystems.
Nokia’s 2025 Threat Intelligence Report, issued on 8 October, shows how telecom networks have become targets themselves, recasting them as active domains of strategic competition and control. Stealth attacks within operator environments have risen sharply, traffic from distributed denial-of-service attacks has doubled in three years, and encryption has expanded so rapidly that many carriers can no longer inspect or defend at the pace they carry data. Connectivity itself is now contested space.
The scale of activity is staggering. One in four malware detections last year came from telecom networks. Attackers are exploiting connected devices—smart meters, cameras and industrial sensors—to create dispersed, hard-to-attribute botnets that can be switched on and off at will. The same networks that bind the region together are also providing the infrastructure for coercion.
Nokia’s analysis arrives alongside Microsoft’s Digital Defence Report 2025 and the latest threat assessment from the Australian Signals Directorate, both of which paint a consistent picture of scale, speed and strain. Each looks at a different layer—Microsoft at users and identity, ASD at national exposure, Nokia at the network—but their findings align. All three organisations report steep rises in AI-enabled operations, identity compromise and attacks on essential services. Microsoft ranks Australia among the world’s most targeted nations, with extortion and ransomware still dominant. ASD warns of the same convergence as state actors and criminals exploit shared weaknesses across cloud, identity and infrastructure.
More troubling than the numbers is intent. Nokia’s threat hunters see attacks designed not to disrupt, but to persist. That evolution builds on what CrowdStrike identified earlier this year as the rise of ‘enterprising adversaries’ using AI to scale and disguise their operations. Malicious actors embed themselves inside routers and network-management systems, using legitimate credentials to avoid detection. Some maintain access for months, quietly mapping and harvesting data from essential systems.
Together, these reports underline the value of sector-specific threat intelligence. No single vantage point captures the full picture, but together they show an ecosystem under coordinated stress: identity exploited at the edge, persistence in the network and coercion through the infrastructure itself.
For the Indo-Pacific, this is a serious warning. Many countries are racing to expand 5G, upgrade undersea cables and deploy edge data centres—smaller facilities positioned closer to end users to reduce latency and improve network speed—often with limited visibility and uneven encryption standards. Operators face the dual burden of growing capacity while defending against adversaries who know the terrain. More than 70 percent of mobile traffic is now encrypted, which limits both interception and defence. Encryption is essential, but it also blinds security tools never designed for such volume. Maintaining confidence in that encryption, and the integrity of the systems that depend on it, will be critical as threat actors evolve.
Nokia also reports that denial-of-service attacks are changing form. Large-scale assaults that once lasted days are being replaced by short, intense bursts automated by AI. These micro-attacks strike in minutes but at enormous scale, exploiting defensive lag. While major carriers can often absorb them, smaller operators and satellite providers cannot. For island states and remote regions, losing connectivity even briefly can isolate emergency services, transport systems or financial networks.
This pattern reflects a broader strategic shift. Adversaries are testing the resilience of national communication grids without triggering open conflict, probing how quickly governments and companies detect and recover. The region’s telecommunications are being treated as both a weapon and a proving ground. The invisible siege described by Nokia is already underway. China’s Salt Typhoon campaign has penetrated various telecom networks to harvest metadata and enable surveillance, while its counterpart Volt Typhoon has embedded access in critical infrastructure for future escalation.
Policy needs to now move beyond compliance. Telecommunications are already recognised as critical infrastructure and should now be integrated into national defence planning. Governments could consider how to more deeply embed telcos in threat-intelligence cycles, contingency exercises and scenario testing. Cryptographic resilience could also be a core investment priority. Operators and vendors need support to adopt next-generation architectures now, not after standards are set. As well as this, the region needs a shared picture of network health. Real-time threat data across carriers, regulators and cyber agencies would expose stealth campaigns that span borders.
The Indo-Pacific’s connectivity boom is often framed in terms of opportunities—digital trade, 5G, smart cities and AI-driven economies. Nokia’s findings show the cost. As the physical and virtual layers merge, commercial risk and national security increasingly overlap. An attack on one carrier can ripple across the region within hours, demanding the same approach used for collective defence: shared awareness, coordinated action and sustained investment.
If CrowdStrike’s report revealed how adversaries use AI to accelerate attacks, Nokia’s shows where those attacks will land. Telecom networks are the connective tissue of the Indo-Pacific’s digital life. They are also its new front line. Securing them is both a strategic and a technical challenge. The region’s stability will depend on whether it can keep the lights on and the lines open when pressure comes.
