Unrestricted Sabotage: Threats to the U.S.

After observing Ukraine’s Operation Spiderweb—in which 117 drones were launched from within Russian territory to target Russian military aircraft—I was prompted to compile examples of America’s vulnerabilities to similar tactics, along with cases of strategic sabotage operations detected on U.S. soil. The goal is to help visualize what attacks inside the United States might realistically look like.

Threat: U.S. Vulnerabilities to Drone Attacks

One of the more difficult elements of executing a successful drone operation within a heavily surveilled nation like Russia (or as we’ve also seen, within Iran) is staging: covertly transporting and preparing armed drones at a launch point deep inside enemy territory. In contrast, that critical challenge may be significantly easier in the United States due to a variety of vulnerabilities.

Vulnerability: COSCO – China’s State Owned Maritime Transportation

Members of the House Committee on Homeland Security have raised concerns about COSCO SHIPPING, a state-owned enterprise of the People’s Republic of China (PRC), and its operations within the nation’s maritime transportation system.

In a Jan 2025 letter to the Acting Commandant of the US Coast Guard, some House members wrote:

“Given the PRC’s track record of exploiting commercial assets for intelligence and military purposes, COSCO SHIPPING’s expansive operations at major U.S. ports present significant national security concerns, including espionage, cyber intrusions, sabotage, and supply chain disruptions. These concerns are amplified by COSCO SHIPPING’s substantial control over global container traffic and its proximity to U.S. critical infrastructure. Moreover, if public reports are accurate, COSCO SHIPPING vessels, like many other PRC state-owned merchant ships, frequently have Chinese Communist Party (CCP) political commissars embedded amongst their crews, further demonstrating the CCP’s direct influence over these operations. The company’s documented ties to the People’s Liberation Army (PLA), which, in part, warranted its inclusion on the Department of Defense’s Section 1260H list, only compounds the potential threats to the United States. Permitting vessels and personnel affiliated with COSCO SHIPPING to operate within U.S. ports without adequate safeguards exposes our nation to unacceptable risks, particularly during times of increased geopolitical tension.”

Vulnerability: Chinese Owned Rural Land in United States

According to a report from the Farm Service Agency of the USDA, Chinese investors owned 277,336 acres of US land as of December 31, 2023.

Much of the land surrounds military installations, as highlighted in the following NYPost graphic (reflecting 2022 data).

Source: https://nypost.com/2024/06/20/us-news/chinese-owned-farmland-next-to-19-us-military-bases/

Vulnerability: Cartel Logistics Networks & Tunnels

Cartel logistics networks and tunnel systems have the potential to be used for drone attack staging (as well as other types of guerrilla warfare). Cartels have been using drones to drop explosives since at least 2017. We haven’t yet seen them carry out large-scale drone attacks of the kind seen in Operation Spiderweb, but the potential is there for them to engage in guerrilla tactics on behalf of their own interests (in the event of an escalation of the war on cartels). There is also the potential for them to partner with other adversaries.

Connections between Mexican drug cartels and China are documented. Drug cartels obtain fentanyl precursors from China, and there is even testimony of Chinese chemists training fentanyl cooks in Mexico. Luis Chaparro, a journalist with sources inside Mexican drug cartels, told Shawn Ryan in 2021 and 2022 interviews that his cartel sources told him Chinese chemists trained Sinaloa fentanyl cooks—both in how to lace heroin with fentanyl and in manufacturing fentanyl pills.

Vulnerability: Chinese Surveillance Systems

Staging and targeting for drone attacks could also be facilitated by Chinese surveillance systems.

CNN reported in 2022 on Chinese Huawei equipment discovered atop cell towers near US military installations:

“Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons.”

Innovations in Drone Warfare

One of the first large-scale drone attacks against critical infrastructure occurred in 2019, when drones were used to strike Saudi oil facilities. The disruption cost Saudi Arabia hundreds of millions of dollars per day and signaled that drones were poised to transform modern warfare. But widespread innovation in drone tactics and technology required a prolonged, high-intensity conflict—something that emerged with the war in Ukraine.

One Russian drone engineer, Sergey Tovkach, noted the pace of change on that battlefield is extraordinarily fast, estimating that the innovation cycle can be as short as two months. “Whatever breakthrough you come up with today, might only work once,” he said. Real Reporter’s interview with him was so information dense, I wrote an article to highlight his insights.

A look at some notable innovations to help visualize near future strikes (skipping kamikaze drone attacks since most readers have likely seen plenty of examples):

Tactic: Sleeper Drones

Sergey described the tactic in the interview:

“When these [sleeper] drones first started showing up in the Kursk region, it was an absolute nightmare for the Ukrainians. We’re talking about drones that just sit there hidden, silent almost invisible and then they spring into action at the perfect moment.”

Tactic: Remote Mine Laying and Caltrop Dropping

Ukrainian Vampire/Baba-Yaga heavy agricultural drones are able to carry heavy payloads. Here’s a video of one dropping a TM-62 anti-tank mine (with a payload of approximately 7–8 kilograms (15–18 pounds) of high explosives). Drones are being used for remote mine laying on roads believed to be clear for travel because they had been recently traversed.

Vampire Drone dropping a TM-62 anti-tank mine

Ukraine has also been dropping caltrops from drones—which shred tires. These tactics have been especially effective against military convoys.

caltrops being dropped onto a roadway from a drone

Tactic: Thermite Spewing Drones

Videos have appeared on Telegram and X of drones spraying thermite on enemy positions. Thermite burns at temperatures exceeding 2,200°C (4,000°F), enough to ignite fires, destroy electronics, and melt through structural metals.

Tactic: Overwhelming Defenses with Dummy Drones

In November 2024, the LA Times reported that over half of the drones used by Russia in attacks on Ukraine were unarmed decoys, designed to exhaust Ukrainian air defenses by forcing them to expend munitions—thereby creating openings for armed assault drones to penetrate more effectively.

Tactic: Time-Delayed Fragmentation Munitions

In the Kharkiv region, Russia reportedly launched a Geran/Shahed-type drone equipped with fragmentation explosives that continued detonating for as long as 20 hours. Explosive ordnance disposal teams reported that the components exploded one after another at intervals of several hours, with the final blast occurring almost a full day after the initial strike.

Scale reference for the size of Geran (Shahed-type) drones.

Tactic: Motherships for Drone Swarm Deployment

Swarming operations will be made increasingly viable with the deployment of motherships—unmanned vehicles carrying as many as 100 or more drones. Motherships can also serve as repeaters.

Tactic: Drones to Deploy Chemical or Biological Warfare Agents

There was a crude example of drones being used for biological warfare in 2019. Criminal gangs in China were dropping infected items from drones onto pig farms to spread Swine Flu.

More sophisticated options are available today. Agricultural spraying drones, capable of spraying chemical or biological warfare (CBW) agents, are already available commercially. These devices serve as a model, but more affordable varieties of drones modified with sprayers would make the tactic more widely accessible to actors working with smaller budgets. Ukraine and Russia have both accused the other of using drones to deploy chemical agents.

The Department of Justice charged two Chinese nationals with smuggling a fungus, classified as a potential agroterrorism weapon, into the US. They were reportedly researching the fungus. From the June 2025 DOJ press release:

“The FBI arrested Jian in connection with allegations related to Jian’s and Liu’s smuggling into America a fungus called Fusarium graminearum, which scientific literature classifies as a potential agroterrorism weapon. This noxious fungus causes “head blight,” a disease of wheat, barley, maize, and rice, and is responsible for billions of dollars in economic losses worldwide each year. Fusarium graminearum’s toxins cause vomiting, liver damage, and reproductive defects in humans and livestock.”

That case example helps to imagine some potential future uses for drone warfare.

“Starlink is the Holy Grail”

In his interview, Sergey described Starlink as the holy grail. He said it is the one Western technology which has performed flawlessly in the war. Ukraine’s fleet of naval drones are essentially Starlink terminals with a motor and some explosives strapped to a small boat. I have also seen examples of heavy ag drones equipped with Starlink terminals. One can imagine a drone mothership equipped with a Starlink terminal, providing connectivity not only for itself but also for the smaller drones it deploys. Naval variants of such motherships—capable of launching aerial swarms—may not be far off. These platforms would enable the deployment of drone swarms from just offshore.

Drone Targets

What types of targets might be chosen for strike drones? Hamas used drones against Israeli military observation towers on October 7—prior to sending motorcycle assault teams into military installations via remote fencing entry points. Ukraine utilized drones most notably against Russian airbases, but they have also targeted naval bases, weapons manufacturing, ammunition depots, oil refineries, and more. Israel has leveraged drones for precision-targeted assassinations of high-value targets. Hayat Tahrir al-Sham (HTS) deployed drones during their 2024 offensive to strike Syrian regime command centers, senior officers, troop convoys, artillery positions, and other military assets—supporting their rapid territorial gains and the eventual fall of Damascus in December 2024. (Images showcased classroom training, where HTS fighters trained in drone operations using video games and simulators.)

In a future conflict or coordinated act of sabotage, it is not difficult to imagine drones being used in similarly strategic fashion on American soil. One of our critical vulnerabilities remains our undefended power grid, but I imagine all military targets and critical infrastructure are on the table. (I’ll show examples of the cyber targeting of critical systems next.)

Counter Drone Capabilities

I spent some time researching the counter-UAS (cUAS) capabilities currently available to the United States and published my findings here. Most cUAS systems face restrictions on deployment within the homeland, and their effectiveness against a large-scale or coordinated drone threat remains to be seen.

Of note: If high-value targets become well-protected by top-tier cUAS systems, adversaries are likely to shift their focus to softer, more vulnerable targets.

Threat Detected: Cyber Attacks Against Critical Infrastructure

Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.

source: White House letter to Governors

Volt Typhoon is a Chinese state-sponsored threat group that has been secretly embedding itself in U.S. critical infrastructure networks—including communications, energy, transportation, and water systems—since around mid-2021. The aim, according to the former CISA Director: “to be ready to launch destructive cyber-attacks … to incite chaos and panic across our country and deter our ability to marshal military might and citizen will.”

From ‘Opening Statement by CISA Director Jen Easterly Before the House Select Committee on Strategic Competition Between the United States and the Chinese Communist Party’ (2024):

“Chinese cyber actors, including a group known as “Volt Typhoon,” are burrowing deep into our critical infrastructure to be ready to launch destructive cyber-attacks in the event of a major crisis or conflict with the United States. This is a world where a major conflict halfway around the globe might well endanger the American people here at home through the disruption of our gas pipelines; the pollution of our water facilities; the severing of our telecommunications; the crippling of our transportation systems—all designed to incite chaos and panic across our country and deter our ability to marshal military might and citizen will.

“This threat is not theoretical: leveraging information from our government and industry partners, CISA teams have found and eradicated Chinese intrusions into critical infrastructure across multiple sectors, including aviation, energy, water, and telecommunications. And what we’ve found to date is likely the tip of the iceberg. Given the malicious activity uncovered by CISA, NSA, FBI, and industry partners, we are acting now, knowing that this threat is both real and urgent.”

A 2024 X post about Volt Typhoon from the FBI:

Wray said in April 2024:

“The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”

Threat Detected: Cyber Disruption of Water Systems

I want to highlight disruption of water systems because of a potential vulnerability coupled to that threat. Data centers often rely on water for cooling. While modern facilities typically use water-recycling systems, older or non-modernized centers may depend on continuous access to external water supplies. Disruption to their water source could be impactful.

From a March 2024 letter to Governors from the White House:

Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities. We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks.

Source: https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf

Of note, in addition to Volt Typhoon, the Islamic Revolutionary Guard Corps (IRGC) was also identified as a threat actor carrying out cyberattacks against water systems.

“Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password…”

Threat Detected: Rogue Communication Devices in Chinese Solar Inverters

Reuters reported in May 2025 that rogue communication devices were found in Chinese solar inverters, and that undocumented cellular radios were also found in Chinese batteries.

“rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S experts who strip down equipment hooked up to grids to check for security issues … Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers … The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences … Using the rogue communication devices to skirt firewalls and switch off inverters remotely, or change their settings, could destabilise power grids, damage energy infrastructure, and trigger widespread blackouts, experts said.

“That effectively means there is a built-in way to physically destroy the grid.”

This particular story caused me to think back to a chilling excerpt from Unrestricted Warfare, written in 1999 by two colonels in China’s People’s Liberation Army:

We believe that some morning people will awake to discover with surprise that quite a few gentle and kind things have begun to have offensive and lethal characteristics.

Op Success: Cyber Attack Against Grocery Distributor

I’m unaware of who was behind this particular cyber attack against a grocery distributor for Amazon’s Whole Foods, but it is notable since it may serve as a proof of concept.

United Natural Foods, the wholesale grocery distributor for Amazon’s Whole Foods, has taken some of its systems offline in response to a cyberattack. The disruption has reportedly led to sparsely stocked shelves at Whole Foods stores across the country.

Source: https://san.com/cc/grocery-wholesaler-shuts-down-systems-after-cyberattack-impacting-whole-foods

Interestingly, this scenario is similar to one from a novel, Zero Day Code (2019). In that story, part of the Zero Day attack by China against the US involved attacking the IT systems of all the major food distributors in the US and the inventory control systems of all the major grocery stores. In the book, the attacks against the US were meant to prevent a response while China attacked its food-producing neighbors.

Additional Significant Events:

(Assessment continues below. List last updated March 2026):

  • “Between March 9-15, 2026, Barksdale Air Force Base Security Forces observed multiple waves of 12-15 drones operating over sensitive areas of the installation, including the flight line, with aircraft displaying non-commercial signal characteristics, long-range control links and resistance to jamming” – ABC News (Mar 2026)
  • “Approximately two miles to the north and south, [Barksdale Air Force Base] is effectively bordered by The Golf Club At StoneBridge and its 27-hole, 340-acre sister, Olde Oaks Golf Club. Since 2013, both courses have been owned by Eugene Ji, a Chinese-American businessman, who has held multiple Chinese government positions including serving as an official for an arm of a Chinese Communist Party (CCP) influence and intelligence agency called the United Front Work Department (UFWD)…” – DailyCaller (Jan 2026)
  • Chinese nationals are purchasing marijuana farms. “These farms provide a telling example of leveraging legal and illegal business opportunities to further smuggling opportunities into the United States.” (Allfare: China’s Whole of Nation Strategy from U.S. Army War College, Jan 2026)
  • Russia-based group providing paramilitary training courses online, including in drone warfare. (Guardian, Nov 2025)
  • Islamic State and al-Qaeda have published instructional manuals on the use of drones and propaganda encouraging drone attacks on soft targets in the West (Militant Wire, Nov 2025)
  • Cartel Members Fought In Ukraine To Learn FPV Drone Skills (TheWarZone, July 2025)
  • Beijing has “adopted a less constrained system for cyber offense, enabling private companies to conduct hacking campaigns independently.” “The result of that incentive structure is that there is significantly more hacking.” (Washington Post, Jul 2025)
  • A recent compromise of a US state’s Army National Guard network by PRC-associated cyber actors, tracked as Salt Typhoon, likely gave Beijing data to facilitate hacking other states’ Guard units and their cybersecurity partners. This could impair those partners’ ability to defend US critical infrastructure against PRC cyber campaigns. (Office of Intelligence and Analysis, Jun 2025)
  • In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks. A senior Chinese official linked intrusions to escalating U.S. support for Taiwan (NYT, Apr 2025)
  • Russia is developing a new satellite meant to carry a nuclear weapon as an antisatellite capability. (Annual Threat Assessment of the Intel Community, Mar 2025)
  • Global connectivity under threat: Increasingly frequent incidents of deliberate underwater sabotage targeting critical fiber optics, power cables and pipelines raise significant global security concerns. (Stefan Hedlund for GISReportsOnline, Jan 2025)
  • Homeland Security Warns about the Spike in China-Based Technology Firms’ Smuggling of Signal Jammers (DHS, Jun 2025)
  • Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel (ProPublica, Jul 2025)
  • Chinese nationals arrested on charges of smuggling biological materials related to ringworm. (DOJ, Jun 2025)
  • Department of Defense released an update to the names of “Chinese military companies” operating directly or indirectly in the United States (DoD, Jan 2025)
  • China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (Wired, Feb 2025)
  • US government shuts down Chinese-owned cryptomine near nuclear missile base in Wyoming (Data Center Dynamics, May 2024)
  • Treasury says Chinese hackers remotely accessed documents in ‘major’ cyber incident (NPR, Dec 2024)
  • Illegal PRC linked biolab discovered in an abandoned warehouse in Fresno County, CA. The facility contained at least 20 potentially infectious agents including HIV, Tuberculosis, Dengue, SARSCoV2, and the deadliest known form of Malaria. (House Select Committee on the CCP report, Nov 2023)

Unrestricted Warfare: A Hybrid Model Combining Strategic Sabotage with Guerrilla Terrorism

In Unrestricted Warfare, the authors call for “combining the battlefield and non-battlefield, warfare and non-warfare, military and non-military.” They specifically call for combining network disruptions with financial wars and terrorism.

Excerpts from Unrestricted Warfare (1999):

“…the attacking side secretly musters large amounts of capital without the enemy nation being aware of this at all and launches a sneak attack against its financial markets, [and] then after causing a financial crisis buries a computer virus . . . in the opponent’s computer system . . . while at the same time carrying out a network attack against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis. … It can be considered to be ‘subduing the other Army through clever operations’.”

“…we need only shake the kaleidoscope of addition to be able to combine into an inexhaustible variety of methods of operation.

Military:

  • Atomic warfare
  • Conventional warfare
  • Biochemical warfare
  • Ecological warfare
  • Space warfare
  • Electronic warfare
  • Guerrilla warfare
  • Terrorist warfare

Trans-military:

  • Diplomatic warfare
  • Network warfare
  • Intelligence warfare
  • Psychological warfare
  • Tactical warfare
  • Smuggling warfare
  • Drug warfare
  • Virtual warfare (deterrence)

Non-military:

  • Financial warfare
  • Trade warfare
  • Resources warfare
  • Economic aid warfare
  • Regulatory warfare
  • Sanction warfare
  • Media warfare
  • Ideological warfare

Any of the above types of methods of operation can be combined with another of the above methods of operation to form a completely new method of operation.”

There have been many examples of domestic threat actors willing to carry out terrorism and political violence within the United States.

Terrorgram published blueprints for sabotaging critical infrastructure. MKY publications promote mass killing tactics, including ramming vehicles into crowds. One (764/MKU adjacent) group was recently promoting large-scale arson attacks and another was providing detonator manuals online. (The original manual was published in Russian, but it was translated to English.) An individual with Islamist beliefs was arrested after planning an attack on a Christian concert over Roblox. An Order of Nine Angles (o9a) adherent killed his parents to fund his operation to assassinate President Trump (while communicating online with an individual who led him to believe he would be relocated to Ukraine following his attack and who, messages indicate, the aspiring assassin believed was coordinating with 10 other actors within the US. His manifesto was titled, ‘Accelerate the Collapse’). Militant accelerationists have targeted our power grid. There have been groups financed by a Maoist American living in China, calling for a communist revolution. A Maoist faction within the Democratic Socialists of America (DSA) was calling on fellow communists to channel the energy of the masses into “an organized, disciplined revolutionary force,” during the ICE protests.

To what extent are foreign adversaries aware of these various online (and offline) communities—which are ripe for exploitation and need only a little direction to take their threats to the next level?

Combining Physical Events with Information Maneuvers and Moral Warfare

I wrote an article on Online Maneuver Warfare and quoted the following aim from John Boyd’s Patterns of Conflict presentation:

“Collapse adversary’s system into confusion and disorder causing him to over and under react to activity that appears simultaneously menacing as well as ambiguous, chaotic, or misleading.”

And I wrote of my expectation for future attacks in the US:

“Any sophisticated threat actor would likely integrate physical events with information maneuvers and moral warfare. These elements act as force multipliers and can be as disruptive as the physical attacks themselves.”

It may be more profitable for threat actors to conceal their role in future attacks. Ambiguous threats can be far more socially disruptive than those that are overt and recognizable. There is widespread distrust of our institutions. Corruption and ineptness have been surfaced. Acts that risk unifying a fractured, low-trust society may be counterproductive to the attacker’s goals. In our current information environment, non-cooperative centers of gravity will generate organically, but actors can amplify the disruption by seeding dueling over-react/under-react narratives, leaning into false-flag narratives, and launching contradictory impressions of events and blame—disrupting our orientation and maneuvering us beyond our capacity to adapt.

As Boyd said in his 1991 Congressional testimony, the strategic approach is thinking about setting up your operations ahead of time “to generate these mental/moral effects where you can just literally pull your adversary apart so he can’t even function as an integrated organism.” He warned, “if you don’t, your adversary is. And we could have some very serious consequences.” 

Al-Qaeda’s Free Reading of 33 Strategies of War

An al-Qaeda leader, Sayf al-Adl, published a book titled, ‘Free Reading of 33 Strategies of War,’ on September 11, 2023. This book provides evidence they are among the adversaries with potential to fulfill Boyd’s warning. One excerpt demonstrates that we should expect their future planning to be increasingly sophisticated:

“Victory in war comes from the results of both hard and soft power. …using “smart” forces for highly secret psychological maneuvers that deceive enemies, plant seeds of doubt among them, and create an atmosphere of distrust to break their unity is crucial.”

Free Reading of 33 Strategies of War

This next excerpt helps to visualize in more detail what attempted future attacks from them may look like.

“Special operations and covert activities in cities will not yield the desired result unless a consecutive chain of operations is created, accompanied by media pressure, which affects the psychology of the target group and induces fear, despair, and doubt in them, giving them the impression that there is no safe place and that there is no end to the terror and explosions. The goal of striking the weak points of countries is to make fear and terror break the enemy’s will to resist, paralyze their ability to respond, and lead them to continuous mental attacks, ultimately resulting in surrender to increasing fear. Because the enemy’s cohesion and focus stability is their last refuge for resistance.”

War Will Be Reborn Into an Instrument of Enormous Power

“When people begin to lean toward and rejoice in the reduced use of military force to resolve conflicts, war will be reborn in another form and in another arena, becoming an instrument of enormous power in the hands of all those who harbor intentions of controlling other countries or regions.”

Unrestricted Warfare

What have I missed in my assessment? Let me know in the comments.

Additional reading from a cybersecurity researcher, Erika Langerová: China Is Studying How to Hack and Crash Our Power Grids

