Apolline is a Policy Researcher in Cyber and Emerging Technologies at Virtual Routes. She previously worked at Forward Global, leading cyber-focused studies for clients like ENISA and EDA. She also managed EU and NATO engagement at the InCyber Forum and InCyber Agora’s European expansion. Apolline has held previous roles at Europol and the Clingendael Institute. She holds a master’s in Intelligence, Security and Strategic Studies from the Universities of Glasgow, Trento and Charles, and a BA in International Studies from Leiden University.

‍

LinkedIn

James Shires is Co-Director of Virtual Routes and a Fellow at The Hague Program on International Cyber Security. He previously served as Senior Research Fellow in Cyber Policy at Chatham House and Assistant Professor in Cybersecurity Governance at Leiden University’s Institute of Security and Global Affairs. His research spans cybersecurity and international politics, covering topics such as digital authoritarianism, spyware regulation, cybersecurity expertise, and hack-and-leak operations. He is the author of The Politics of Cybersecurity in the Middle East (Hurst/Oxford University Press, 2021) and co-editor of Cyberspace and Instability (Edinburgh University Press, 2023).

‍

Personal website

LinkedIn

State-sponsored digital espionage remains a perennial fixture in the top tier of cyber threats, despite a widening of intelligence agencies’ activities and remits in the digital age (Lubin 2025, Broeders 2025). However, most treatments focus on specific vectors of espionage: “cyber” espionage based on compromise of organizational networks, such as the Office of Personnel Management (OPM) and Solarwinds incidents in the US (Libicki 2017, Willett 2021); large-scale access to telecommunications infrastructure, such as fears over Huawei or Cisco (Sprenger 2015, Radu and Amon 2021), or the use of commercial spyware to access individual mobile devices (Deibert 2020, 2025). Such incidents are generally treated as separate areas of research and policy, with different theoretical frameworks and expert communities.

However, this fragmented approach fails to take into account the fluid ways states conduct espionage across different layers of digital infrastructure. In practice, states move flexibly from one espionage vector to another to obtain intelligence, seeing them as options within an overarching set of similar strategic logics (Egloff and Shires 2022). This means that states not only choose between these different vectors, but also combine them; for instance, in cases of joint use of SS7 telecoms vulnerabilities and spyware (Marczak et al, 2020), cyber-intrusions exploiting certification authorities such as DigiNotar (Wolff and Braman, 2018), or the leveraging of DNS architecture to gain access to target networks (Mercer and Rascagneres, 2018).

This paper therefore proposes an infrastructural approach (Easterling, 2015) to analyse the cross-vectoral logics of digital espionage. We first lay out a spectrum ranging from the targeting of global and national digital infrastructures to organisational and personal devices and networks, illustrating this spectrum with selected cases from around the world. We then investigate an under-explored relationship between two layers: global telecommunications infrastructure and personal devices. Drawing on publicly available sources—including threat intelligence reports, government documents, and civil society investigations—we infer how states follow similar logics across these levels. We argue that state espionage is shaped by a dynamic interplay between access, risk of exposure, potential deniability and operational objectives, revealing it to be a more flexible and multi-layered practice than often supposed.