%3Aquality(100)&w=640&q=75){kind=logo}
The New Cyber Warfront: Why Communications Infrastructure Will Be Ground Zero in 2026
Repost from article published April 23, 2026 on The Edge Malaysia.
Apr 23, 2026
·Blog
·Raja Rizal Kamrul Abdullah
%3Aquality(100)&w=3840&q=75)
This article originally appeared on TheEdgeMalaysia. Republished with permission.
As Malaysia strengthens its position as a regional digital hub, a sobering reality demands urgent attention.
Communications infrastructure — across networks, devices, and apps — is rapidly becoming the frontline of cyber warfare.
Recent telecommunications intrusions in neighbouring Singapore and new warnings from European Intelligence Agencies about recent espionage campaigns targeting WhatsApp and Signal, serve as a stark reminder that no nation is exempt.
In an increasingly contested environment, attacks on critical communications networks are accelerating. The recently reported cyber-attacks on major Singaporean telecommunications operators, following multiple high-profile network breaches in the US in 2024, signal that attacks on communications infrastructure are no longer hypothetical threats; they are active, sophisticated and evolving.
When threat actors penetrate telecom networks, they have the potential to gain real-time access to critical communications streams, enabling them to track decision-making, expose sensitive negotiations and harvest intelligence for disinformation, blackmail or identity spoofing. They can redirect calls, manipulate communications, and launch precisely targeted social engineering attacks with damaging effect.
This presents a major vulnerability for government agencies, financial institutions, and critical infrastructure operators.
While end-to-end encryption secures the what of a conversation, exposed metadata reveals the who, when, and where — providing adversaries with a detailed map of organisational relationships, operational patterns and privileged access flows. This can expose sensitive government discussions, military communications and the operational security of essential services.
In March, a series of incidents had driven action by European Governments to combat this risk.
Portuguese and Dutch intelligence urged staff in separate advisories not to use Signal or WhatsApp for sensitive communications after a global state-backed campaign targeted the accounts of government officials, military personnel and journalists. In the same week, a former German intelligence official reportedly fell victim to a Signal phishing attack.
In a statement to media, the Portuguese SIS alert explicitly states attackers are “not compromising the apps or encryption” but exploiting users themselves.
Head of the Netherlands’ Military Intelligence and Security Service (MIVD), Vice Admiral Peter Reesink, warned: “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
In government contexts, this intelligence can allow foreign actors to detect coordinated activity among key officials and anticipate policy or negotiation moves well in advance. Recent breaches demonstrate that attackers are now exploiting real-time metadata, not merely historical records, using AI to gain immediate insight into communication patterns and to spoof identities with far greater sophistication than before.
Malaysia has taken affirmative steps to designate its telecommunications infrastructure as critical national infrastructure. Yet no nation is immune.
Many providers worldwide still rely on outdated signalling protocols vulnerable to interception and the interconnected nature of regional telecom networks — essential to Malaysia's role as a Southeast Asian communications hub — introduces additional exposure. Cross-border carrier connections create security gaps that sophisticated threat actors actively exploit.
Malaysia is already setting a strong example for the region in its use of sovereign, government-grade technology.
At the 46th and 47th Asean Summits, BlackBerry Secure Communications was deployed to protect heads of state, ministers and senior officials, enabling seamless coordination among highly mobile agencies and logistics teams.
Across more than five hundred meetings in different locations at each event, it ensured that sensitive discussions, logistics, interagency communications, and associated metadata remained fully protected throughout for thousands of personnel.
National policy initiatives currently focus on building resilience, developing sovereign capabilities, and fostering a truly adaptive digital society. The Malaysia Cyber Security Strategy 2025–2030, themed "Cyber Security Resilience: Nurturing an Adaptive Digital Society," further reinforces this direction.
The forthcoming Cybercrimes Bill will add further legislative weight to efforts tackling modern digital threats, including those targeting communications networks.
Malaysia's approach to sovereign communications resilience offers instructive lessons for the wider region, built around three essential components.
First, certified encryption. Organisations managing sensitive government, military or critical infrastructure communications must deploy government-certified, military-grade encryption solutions operating independently of vulnerable public networks. End-to-end encryption, combined with device integrity protection and out-of-band resilience, ensures communication remains confidential even when underlying telecom networks are compromised.
Second, data sovereignty. Sensitive data must remain on sovereign networks, processed within national jurisdiction, with complete organisational control over infrastructure and data flows. Consumer-grade messaging applications, however convenient, lack these guarantees, creating unacceptable risks for classified or sensitive communications.
Third, security culture. Comprehensive protocols and education programmes are essential. Even at a basic cyber-hygiene level, anyone handling sensitive information must understand the risks inherent in public telecom networks and have secure alternatives available.
The unfortunate truth is that we have not seen the last of these network intrusions and exploitation of consumer-grade apps, particularly in a heightened geopolitical landscape.
Recent experiences in Singapore and Europe is a warning to Malaysia and Asean that these threats are escalating, but also an opportunity to strengthen defences before they intensify further.
The New Cyber Warfront: Why Communications Infrastructure Will Be Ground Zero in 2026
Repost from article published April 23, 2026 on The Edge Malaysia.
Apr 23, 2026
·Blog
·Raja Rizal Kamrul Abdullah
This article originally appeared on TheEdgeMalaysia. Republished with permission.
As Malaysia strengthens its position as a regional digital hub, a sobering reality demands urgent attention.
Communications infrastructure — across networks, devices, and apps — is rapidly becoming the frontline of cyber warfare.
Recent telecommunications intrusions in neighbouring Singapore and new warnings from European Intelligence Agencies about recent espionage campaigns targeting WhatsApp and Signal, serve as a stark reminder that no nation is exempt.
In an increasingly contested environment, attacks on critical communications networks are accelerating. The recently reported cyber-attacks on major Singaporean telecommunications operators, following multiple high-profile network breaches in the US in 2024, signal that attacks on communications infrastructure are no longer hypothetical threats; they are active, sophisticated and evolving.
When threat actors penetrate telecom networks, they have the potential to gain real-time access to critical communications streams, enabling them to track decision-making, expose sensitive negotiations and harvest intelligence for disinformation, blackmail or identity spoofing. They can redirect calls, manipulate communications, and launch precisely targeted social engineering attacks with damaging effect.
This presents a major vulnerability for government agencies, financial institutions, and critical infrastructure operators.
While end-to-end encryption secures the what of a conversation, exposed metadata reveals the who, when, and where — providing adversaries with a detailed map of organisational relationships, operational patterns and privileged access flows. This can expose sensitive government discussions, military communications and the operational security of essential services.
In March, a series of incidents had driven action by European Governments to combat this risk.
Portuguese and Dutch intelligence urged staff in separate advisories not to use Signal or WhatsApp for sensitive communications after a global state-backed campaign targeted the accounts of government officials, military personnel and journalists. In the same week, a former German intelligence official reportedly fell victim to a Signal phishing attack.
In a statement to media, the Portuguese SIS alert explicitly states attackers are “not compromising the apps or encryption” but exploiting users themselves.
Head of the Netherlands’ Military Intelligence and Security Service (MIVD), Vice Admiral Peter Reesink, warned: “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information.”
In government contexts, this intelligence can allow foreign actors to detect coordinated activity among key officials and anticipate policy or negotiation moves well in advance. Recent breaches demonstrate that attackers are now exploiting real-time metadata, not merely historical records, using AI to gain immediate insight into communication patterns and to spoof identities with far greater sophistication than before.
Malaysia has taken affirmative steps to designate its telecommunications infrastructure as critical national infrastructure. Yet no nation is immune.
Many providers worldwide still rely on outdated signalling protocols vulnerable to interception and the interconnected nature of regional telecom networks — essential to Malaysia's role as a Southeast Asian communications hub — introduces additional exposure. Cross-border carrier connections create security gaps that sophisticated threat actors actively exploit.
Malaysia is already setting a strong example for the region in its use of sovereign, government-grade technology.
At the 46th and 47th Asean Summits, BlackBerry Secure Communications was deployed to protect heads of state, ministers and senior officials, enabling seamless coordination among highly mobile agencies and logistics teams.
Across more than five hundred meetings in different locations at each event, it ensured that sensitive discussions, logistics, interagency communications, and associated metadata remained fully protected throughout for thousands of personnel.
National policy initiatives currently focus on building resilience, developing sovereign capabilities, and fostering a truly adaptive digital society. The Malaysia Cyber Security Strategy 2025–2030, themed "Cyber Security Resilience: Nurturing an Adaptive Digital Society," further reinforces this direction.
The forthcoming Cybercrimes Bill will add further legislative weight to efforts tackling modern digital threats, including those targeting communications networks.
Malaysia's approach to sovereign communications resilience offers instructive lessons for the wider region, built around three essential components.
First, certified encryption. Organisations managing sensitive government, military or critical infrastructure communications must deploy government-certified, military-grade encryption solutions operating independently of vulnerable public networks. End-to-end encryption, combined with device integrity protection and out-of-band resilience, ensures communication remains confidential even when underlying telecom networks are compromised.
Second, data sovereignty. Sensitive data must remain on sovereign networks, processed within national jurisdiction, with complete organisational control over infrastructure and data flows. Consumer-grade messaging applications, however convenient, lack these guarantees, creating unacceptable risks for classified or sensitive communications.
Third, security culture. Comprehensive protocols and education programmes are essential. Even at a basic cyber-hygiene level, anyone handling sensitive information must understand the risks inherent in public telecom networks and have secure alternatives available.
The unfortunate truth is that we have not seen the last of these network intrusions and exploitation of consumer-grade apps, particularly in a heightened geopolitical landscape.
Recent experiences in Singapore and Europe is a warning to Malaysia and Asean that these threats are escalating, but also an opportunity to strengthen defences before they intensify further.
%3Aquality(100)&w=3840&q=75)