Ongoing geopolitical challenges and AI also pose a threat to UK elections, the National Cyber Security Centre warned in its annual review.
A new type of cyber adversary has emerged in the past year: state-aligned actors who are ideologically, rather than financially, motivated, the NCSC report said.
Part of GCHQ, the NCSC highlighted China and Russia as enduring and significant threats to UK cyber security, noting that many of the new state-aligned groups it had seen appear were sympathetic to Moscow's invasion of Ukraine.
On AI, the NCSC warned that the next general election in the UK, expected next year, will be the first to take place against the backdrop of significant advances in the technology, which it said would enable and enhance existing challenges.
The cybersecurity agency said that large language models – the technology apps such as ChatGPT are built on – would almost certainly be used to generate fake content as part of disinformation campaigns to disrupt the democratic process.
At the first AI Safety Summit, held in the UK earlier this month, industry figures and world leaders warned of the potential for the technology to help cyber criminals carry out more sophisticated attacks.
The AI revolution: What does our future look like? – video
“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech,” NCSC chief executive Lindy Cameron said.
“As our Annual Review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.
“Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities.
“We are committed to facing those head on and keeping the UK at the forefront of cyber security.”
The annual review said work needed to be done to ensure the UK kept pace with the changing threats, particularly in relation to enhancing cyber resilience in the nation’s infrastructure.