New Track · Core 3: Cybersecurity

Nation-States Are Already Inside.

Nation-states have been inside global infrastructure for years. Most organisations do not know they are already compromised. This track trains the people who find them, stop them, and build the defences that hold.

APT28 · Active | Sandworm · Active | Lazarus · Active
Live Intelligence

The Threat Landscape, Right Now

Nation-state APT activity from AlienVault OTX — live adversary pulses with TLP classification.

Incident Record

This Already Happened.
To Organisations Like Yours.

These are not hypothetical scenarios. Every incident below was a real organisation, real data, real consequences — many of which are still unresolved today.

2017

WannaCry

$4B+
Healthcare / NHS · Lazarus / DPRK

48 NHS trusts crippled. 19,000 appointments cancelled. MRI scanners offline. First nation-state ransomware at scale.

2017

NotPetya

$10B+
Shipping / Energy · Sandworm / GRU

Maersk rebuilt 45,000 PCs in 10 days. Merck lost $870M. Most destructive cyberattack in history — disguised as ransomware.

2020

SolarWinds Orion

18,000 orgs
Government / Tech · APT29 / SVR

Supply chain backdoor hit US Treasury, DoJ, DHS, Microsoft, Intel. 9 months undetected inside US federal networks.

2021

Colonial Pipeline

$4.4M ransom
Energy / OT · DarkSide (RaaS)

US East Coast fuel supply halted for 6 days. National emergency declared. ICS/OT networks shut down by operators out of fear.

2021

Microsoft Exchange

250,000 servers
Enterprise / Gov · Hafnium / China MSS

Four zero-days exploited before patch release. 10+ nation-state groups piled in within 72 hours of disclosure.

2022

Viasat KA-SAT

~10,000 terminals
Satellite / Comms · Sandworm / GRU

NATO satellite comms wiped 1 hour before Ukraine invasion. Wind turbine modems in Germany affected. First confirmed wartime cyberattack.

2023

MOVEit Transfer

2,500+ orgs
Finance / Legal / Gov · CL0P (FIN11)

SQL injection zero-day in managed file transfer. BBC, BA, Boots, US DoE, Shell, PWC all compromised via third-party supply chain.

2024

Change Healthcare

$870M+ losses
Healthcare / US · ALPHV / BlackCat

US healthcare payments infrastructure offline 6 weeks. 1 in 3 Americans had health data stolen. Largest healthcare breach in US history.

2024

UK MOD Payroll

272,000 personnel
Defence / UK Gov · China-state (attributed)

Personal data of all active and reserve UK military personnel exfiltrated from third-party contractor. Names, addresses, bank details.

Sources: NCSC · CISA · Wired · Reuters · BBC · US-CERT · Verizon DBIR 2024

The Threat by Sector

Every Sector Is a Target.
Not Just Defence.

The threat is not distributed equally, but it is distributed universally. Below is the current threat posture for each major sector — with real statistics.

GOV

Government & Defence

95%

of NATO nations experienced state-sponsored intrusions in 2024

Nation-state actors persistently target classified networks, defence contractors, and diplomatic communications infrastructure.

Known incidents: UK MOD · US OPM · German Bundestag
NHS

Healthcare

82%

of NHS trusts reported a significant cyber incident in the past 24 months

Ransomware groups specifically target healthcare because operational pressure creates willingness to pay — and lives are at stake.

Known incidents: WannaCry · Change Healthcare · NHS IT provider
OT

Energy & Critical OT

68%

of critical infrastructure operators had an OT/ICS intrusion in 2023–24

ICS/SCADA systems controlling power grids, water plants, and pipelines are increasingly targeted as geopolitical leverage.

Known incidents: Colonial Pipeline · Ukraine Power Grid · Oldsmar Water
FIN

Finance & Banking

$4.88M

average data breach cost in financial services — highest of any sector

SWIFT-targeting APTs, credential theft, and insider threats combine with the highest regulatory cost of any industry.

Known incidents: Bangladesh Bank · Lazarus SWIFT · MOVEit (PWC/EY)
EDU

Education & Research

3x

more likely to be hit by ransomware than the average organisation

Universities hold IP, student PII, and research data. Open network culture and legacy IT make them soft targets for APT pre-positioning.

Known incidents: Kimsuky · APT10 research theft · UK universities
LEG

Legal & Professional

74%

of top-100 law firms have experienced a significant breach

M&A data, litigation strategy, and client privilege make law firms extraordinarily high-value targets for nation-state economic espionage.

Known incidents: Grubman Shire · DLA Piper · MOVEit (multiple firms)
TEL

Telecoms

9 carriers

major telecoms providers compromised in the 2024 Salt Typhoon campaign alone

Nation-state actors target telecoms for persistent lawful-intercept access — the ability to monitor communications at the network level.

Known incidents: Salt Typhoon · APT40 · Huawei supply chain
SUP

Supply Chain

245%

increase in software supply chain attacks between 2020 and 2024

A single compromised vendor can be the entry point for hundreds of organisations — as SolarWinds and MOVEit demonstrated at scale.

Known incidents: SolarWinds · 3CX · XZ Utils · MOVEit

Sources: IBM Cost of a Data Breach 2024 · Verizon DBIR 2024 · NCSC Annual Review 2024 · Gartner · CISA

Who This Is For

Built for Those Who
Cannot Afford to Lose.

If your sector appears below, your organisation is already a named target in an active threat actor playbook. This track was designed for the people who have to deal with that.

GOV

Government & Defence

95%

of NATO nations saw state-sponsored intrusions in 2024

Protect classified networks, sovereign data, and critical national infrastructure against persistent state-sponsored APT campaigns, hybrid warfare, and cognitive operations designed to destabilise government functions.

SOC Analysts · CISO / Security Directors · Defence IT Teams · Policy & Risk Officers
Aligned: NCSC CAF · GovAssure · DDaT
NHS

Healthcare & NHS

82%

of NHS trusts reported a significant cyber incident in 24 months

Defend patient data, EHR systems, and connected medical devices. Nation-state actors and ransomware gangs both target healthcare — one for intelligence, one because operational disruption creates maximum pressure to pay.

NHS IT Security Leads · IG Managers · DSPT Owners · Clinical Systems Teams
Aligned: DSPT · NCSC CAF · ISO 27001
OT

Energy & Critical Infrastructure

68%

of critical infrastructure operators had an OT/ICS intrusion in 2023–24

Secure industrial control systems, power grids, water treatment, and pipeline infrastructure against physical-cyber convergence attacks. ICS environments are increasingly targeted for long-dwell pre-positioning.

OT/ICS Security Engineers · SCADA Operators · CNI Protection Teams · Network Defenders
Aligned: IEC 62443 · NCSC CAF · NIS2
FIN

Finance & Banking

$4.88M

average data breach cost — highest of any sector globally

SWIFT-targeting APTs, credential theft, insider threats, and supply chain attacks on third-party processors. Financial services face the highest regulatory penalty exposure of any industry alongside the highest breach cost.

CISOs · Fraud & Threat Intelligence Teams · Cyber Risk Officers · FinTech Security Engineers
Aligned: ISO 27001 · NIST CSF · NIS2
LEG

Legal & Professional Services

74%

of top-100 law firms have experienced a significant breach

M&A data, litigation strategy, and client privilege make legal firms extraordinarily valuable nation-state targets for economic espionage. A breach in a law firm is often a breach of the client behind the matter.

Law Firm IT & Security · Risk & Compliance Partners · Information Governance Teams
Aligned: ISO 27001 · NCSC 10 Steps · NIS2
TEL

Telecoms & Satellite

9 carriers

compromised in the 2024 Salt Typhoon campaign alone

Nation-state actors target telecoms infrastructure for persistent lawful-intercept access — the ability to monitor communications at the network level without the carrier knowing. Satellite comms are now primary targets.

Telecoms Security Engineers · NOC / SOC Teams · Spectrum & Satellite Security
Aligned: NCSC CAF · NIS2 · NATO CCDCOE
EDU

Education & Research

3x

more likely to be hit by ransomware than the average organisation

Universities hold cutting-edge research, student PII, and strategic IP. Kimsuky, APT10, and others specifically target academic institutions to steal pre-publication research in defence, biotech, and advanced materials.

University IT Security · Research Data Managers · Academic CISO · IT Directors
Aligned: NCSC 10 Steps · Cyber Essentials+ · DSPT
SUP

Supply Chain & Vendors

245%

increase in software supply chain attacks between 2020 and 2024

A single compromised supplier becomes the entry point for hundreds of downstream organisations. SolarWinds, MOVEit, and 3CX all demonstrated that attackers now prefer the trusted third-party vector over direct intrusion.

Vendor Risk Managers · Security Architects · Procurement Teams · DevSecOps Engineers
Aligned: ISO 27001 · NIST CSF · NIS2
Framework Alignment

Built to the Standards
Procurement Requires.

Government and enterprise procurement teams require alignment to recognised standards. Every course in this track is mapped to the frameworks below — so you can reference them in procurement, assurance, and regulatory submissions.

Global
MITRE ATT&CK
MITRE Corporation
UK
NCSC CAF
NCSC / UK Government
EU
NIS2 Directive
European Commission
Alliance
NATO CCDCOE
NATO
UK Gov
GovAssure
CDDO / Cabinet Office
Global
ISO 27001
ISO / IEC
UK Gov
DDaT
UK Civil Service
Global
NIST CSF 2.0
NIST / US Gov
OT / ICS
IEC 62443
IEC
UK
Cyber Essentials
NCSC
MITRE ATT&CK
Adversarial Tactics, Techniques & Common Knowledge
NCSC CAF
Cyber Assessment Framework
NIS2 Directive
Network & Information Systems Directive 2
NATO CCDCOE
Cooperative Cyber Defence Centre of Excellence
GovAssure
Government Cyber Security Assurance Framework
ISO 27001
Information Security Management Systems
DDaT
Digital, Data & Technology Capability Framework
NIST CSF 2.0
Cybersecurity Framework
IEC 62443
Industrial Cybersecurity Standards
Cyber Essentials
UK Government Baseline Cyber Standard
Track Roadmap

7 Courses in Development

COMING SOON

This track is currently in development. Below is the full planned curriculum — each course has defined learning outcomes, framework alignment, and a minimum one-day instructor-led format.

While you wait

Explore our existing cybersecurity courses

Core 3 has live cybersecurity and ethical hacking courses available now.


How We Deliver

Four Ways to Train.
One Standard of Instruction.

Whether you need a single analyst trained or an enterprise-wide programme, every format is instructor-led by practitioners — not trainers reading from slides.

MOST POPULAR
01

Onsite Instructor-Led

1–5 days · Teams of 6–30

Delivered at your facility by a practitioner who has operated in the environments being taught. Classified-friendly delivery available for government and defence clients.

  • Fully customisable scenario content
  • Air-gapped / secure facility compatible
  • UK, Europe, Middle East & global
02

Virtual Instructor-Led

1–3 days · Global participants

Live sessions with a practitioner instructor. Not pre-recorded. Real-time Q&A, scenario exercises, and breakout group work across time zones.

  • Live — not e-learning
  • Works across all time zones
  • Secure platform, no recording by default
GOVERNMENT & NHS
03

Enterprise Cohort

Bespoke programme · 50–500+ staff

A structured multi-cohort programme aligned to your organisation's risk posture, threat model, and compliance requirements. Includes pre-engagement assessment and post-training debrief.

  • Risk-posture aligned content
  • Pre/post assessment included
  • CPD certificates for all participants
ADVANCED
04

Red Team Wargame

1–2 days · Blue Team / SOC / CISO

A facilitated cyber crisis simulation where your team defends against a real nation-state-style attack scenario. Debrief identifies gaps in your current detection, response, and communication posture.

  • Simulated APT campaign against your environment
  • MITRE ATT&CK mapped attack chains
  • Documented gap analysis delivered post-event
Xcademia X-Ray · Capability Intelligence. Delivered.

Not Sure Where to Start? Let X-Ray Decide.

X-Ray diagnoses your team's current capability against nation-state threat frameworks and prescribes the exact courses in the right order with measurable outcomes.

Aligned to MITRE ATT&CK | NCSC CAF Mapped | NIS2 Compliant Content | NATO CCDCOE Referenced | GovAssure Compatible | ISO 27001 Aligned | Practitioner-Validated | Min. 1 Full Day Per Course | UK · EU · ME · Global Delivery

Ready to Defend the Digital Battlefield?

Instructor-led. Minimum one full day. Available virtually and onsite. Enterprise cohorts available globally.

Onsite Delivery
UK · EU · Middle East · Global
Virtual Instructor-Led
Live sessions across all time zones
Enterprise Cohort
Bespoke programme for 50–500+ staff
Common Questions

Frequently Asked Questions

Have a question not answered here? Contact us directly.