Cybercriminals scale up, government sector hit hardest

Key Points:

• Government agencies experienced the highest volume of cyberattack campaigns in 2025, with 274 active campaigns, followed by financial services and technology sectors.
• The impact includes significant data breaches and disruptions across sensitive sectors, with ransomware leading at 22% of campaign types, alongside infostealers (19%) and phishing (17%).
• Recommended actions include enhancing security measures against ransomware and phishing, monitoring for exploitation of known vulnerabilities, and implementing robust incident response plans.

Technical Details: Attackers exploited 549 distinct vulnerabilities throughout the year, with notable mentions including CVE-2017-17215 and CVE-2023-1389. Campaigns utilized automated workflows via platforms like Telegram for real-time data extraction.

MITRE ATT&CK Techniques:

• T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
• T1566 - Phishing (Initial Access)
• T1490 - Inhibit System Recovery (Impact)
• T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)

IOCs Mentioned:

• CVE-2017-17215
• CVE-2023-1389
• CVE-2014-8361
• CVE-2017-9841
• CVE-2023-26801