---
url: "https://xcademia.com/courses/cyber-warfare-foundations"
title: Cyber Warfare Foundations
description: "Two-day instructor-led cyber warfare training covering nation-state actors, MITRE ATT&CK, and the 2026 threat landscape. Aligned with NCSC CAF and NIS2."
publishedAt: "2026-04-10T11:18:44.200354+00:00"
updatedAt: "2026-04-14T05:47:50.747581+00:00"
type: course
code: "CYB-0148"
level: Foundation
duration_days: "2"
track: "Cyber Warfare & Advanced Threat Defence"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier1
price_gbp: "1995"
---

# Cyber Warfare Foundations

> A practitioner-led introduction to the cyber warfare landscape, covering nation-state actors, geopolitical drivers, the cyber kill chain, and MITRE ATT&CK applied to real campaigns. Build the awareness and analytical skills to recognise, contextualise, and communicate state-level cyber threats across your organisation.

## Overview

Cyber warfare is no longer a concern confined to governments and defence contractors. Nation-state actors are actively targeting critical infrastructure, financial institutions, healthcare networks, and private enterprises across every major economy. This two-day foundation programme equips security professionals, risk managers, IT leaders, and governance leads with the knowledge to understand who these adversaries are, how they operate, and what their campaigns look like in practice. 

Through mentor-led sessions and structured scenario work, participants explore the geopolitical landscape driving cyber conflict in 2026, map real campaigns against the MITRE ATT&CK framework, and examine the tactics of the most active state-sponsored threat groups. Case studies drawn from live operations including Sandworm, APT28, Lazarus Group, and Volt Typhoon bring the threat picture to life in a way that generic awareness training cannot. 

By the end of day two, participants will have completed a structured tabletop exercise, produced an executive-level threat briefing, and left with a clear framework for contributing to their organisation's cyber warfare awareness programme. This course is aligned with MITRE ATT&CK, NCSC CAF, and NIS2 guidance and serves as the natural entry point into the Xcademia Cyber Warfare and Nation-State Threat Defence curriculum.

## Prerequisites

- Basic familiarity with cybersecurity concepts such as malware, phishing, and firewalls.
- Professional experience in an IT, security, governance, risk, or communications role.
- No prior knowledge of nation-state threats or cyber warfare doctrine required.

## What you will learn

- Explain the distinction between cybercrime, hacktivism, and nation-state cyber warfare with professional confidence.
- Identify primary nation-state threat actors by country, motivation, and typical target sector.
- Map a real-world attack campaign accurately against the MITRE ATT&CK framework and cyber kill chain.
- Analyse geopolitical drivers behind cyber conflict and assess their relevance to your organisation's sector.
- Communicate cyber warfare threats clearly and credibly to executive and non-technical stakeholders.
- Produce a structured threat actor briefing using practitioner-standard analytical frameworks.
- Contribute meaningfully to organisational cyber warfare awareness and preparedness programmes.

## Skills you will gain

- Nation-state threat actor profiling
- Cyber kill chain analysis
- MITRE ATT&CK Navigator usage
- Geopolitical risk contextualisation
- Threat intelligence communication
- Executive cyber threat briefing
- Tabletop exercise participation
- Campaign attribution fundamentals

## Career progression

- SOC Analyst
- Threat Intelligence Analyst
- Security Manager
- Risk Manager
- Governance Lead
- IT Manager

## Curriculum

1. **Module 1: Getting Ready**
   - Pre-reading: NCSC current threat landscape briefing and MITRE ATT&CK Navigator orientation guide 
   - Setting up access to MITRE ATT&CK Navigator and course collaboration workspace 
   - Course objectives, participant role mapping, and learning agreement 
   - Self-assessment: current knowledge of nation-state threats and cyber warfare concepts 
2. **Module 2: Defining the Cyber Warfare Landscape**
   - Cyber warfare versus cybercrime versus hacktivism: clear professional distinctions
   - Nation-state actors versus criminal groups and proxy organisations: how to tell them apart
   - The full spectrum of state-sponsored activity from passive espionage to destructive attack
   - Pre-positioning doctrine: how actors embed inside target infrastructure before activation
   - Legal definitions and the threshold for an act of war in cyberspace
3. **Module 3: Geopolitical Drivers in 2026**
   - Current threat picture: Russia, China, Iran, and North Korea — motivations and operational styles
   - National cyber doctrines: how each adversary nation structures and directs cyber operations
   - Typical targets by sector and geography for each major threat group
   - How geopolitical events trigger and escalate cyber campaigns against specific sectors
   - The role of sanctions, conflict, and diplomatic breakdown in threat activation timing
4. **Module 4: The Cyber Kill Chain in a Nation-State Context**
   - The seven kill chain stages applied to advanced persistent threat operations
   - Reconnaissance techniques used by state actors: OSINT, spearphishing, and supplier targeting
   - Weaponisation and delivery approaches distinguishing nation-state from criminal groups
   - Installation, command and control, and long-dwell persistence mechanisms
   - Actions on objectives: from silent intelligence collection to destructive activation
5. **Module 5: MITRE ATT&CK for Nation-State TTPs**
   - ATT&CK framework structure: tactics, techniques, sub-techniques, and group profiles
   - Navigating the ATT&CK matrix and applying it to threat intelligence analysis
   - Mapping a real campaign step by step against ATT&CK techniques
   - Using ATT&CK Navigator to build detection coverage maps and identify gaps
   - Applying group profiles to understand specific actor toolsets and targeting patterns
6. **Module 6: Russia and China: Campaign Analysis**
   - APT28 (Fancy Bear): targeting of NATO, election infrastructure, and military organisations
   - APT29 (Cozy Bear): cloud intrusion tradecraft, SolarWinds supply chain methodology
   - Sandworm: destructive malware operations and power grid targeting in Ukraine
   - Volt Typhoon: pre-positioning doctrine in US critical infrastructure using living-off-the-land
   - APT40 and APT41: maritime and defence espionage combined with ransomware operations
7. **Module 7: Iran and North Korea: Campaign Analysis**
   - IRGC-linked groups: MuddyWater, APT34/OilRig, and Charming Kitten targeting patterns
   - Iranian pre-positioning in energy, aviation, and telecommunications sectors in 2026
   - Lazarus Group: the unique blend of state espionage and financially motivated cybercrime
   - The Bybit theft case study: £1.2 billion from one operation, funding state programmes
   - Kimsuky and Andariel: intelligence collection, supply chain attacks, and ransomware revenue
8. **Module 8: Tabletop Exercise: Identify, Map, and Attribute**
   - Group exercise: receive a multi-source campaign dataset and identify the threat actor
   - Map the campaign against MITRE ATT&CK and the cyber kill chain using Navigator
   - Assess the likely target sector, geopolitical motivation, and operational objective
   - Peer review between groups: challenge attributions and discuss alternative hypotheses
   - Instructor-facilitated structured debrief: methodology review and attribution quality feedback
9. **Module 9: Executive Briefing and Personal Action Planning**
   - Structuring a threat actor briefing for a non-technical leadership audience
   - Communicating cyber warfare risk credibly without causing unnecessary alarm or confusion
   - Group exercise: produce and present a five-minute executive threat briefing
   - Designing an organisational cyber warfare awareness programme using programme learnings
   - Personal action planning: next pathway step and X-Ray referral for capability mapping

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**Who is this course designed for?**

Security professionals, risk managers, IT managers, governance leads, and communications teams who need to understand the cyber warfare threat landscape. No deep technical background is required.

**Do I need a technical background to attend?**

A basic awareness of cybersecurity concepts is recommended, but the programme is designed to be accessible to professionals from governance, risk, communications, and policy backgrounds as well as technical roles.

**How is the course delivered?**

Live across two full days, facilitated by an experienced practitioner instructor, either virtually or onsite. All sessions are instructor-led and scheduled. There are no self-paced or recorded-only elements.

**What do I leave with?**

A Certificate of Completion, a structured threat actor briefing document produced during the Day 2 exercise, and a personal action plan mapping your next step on the Xcademia cyber warfare curriculum.

**Does this course require an exam?**

No. Assessment is through the structured tabletop exercise and executive briefing on Day 2. Completion requires full attendance and active participation across both days.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0148 |
| Duration | 2 days |
| Level | Foundation |
| Track | Cyber Warfare & Advanced Threat Defence |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier1 |
| Price (GBP) | £1995 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Cyber Warfare Foundations](https://xcademia.com/courses/cyber-warfare-foundations). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/cyber-warfare-foundations
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
