Cybercriminals Shift Focus: Espionage and Complex Attacks Transform Telecom and Industrial Security in 2025

In 2025, hackers shifted their focus toward new targets within the industrial and telecommunications sectors. Previously, their main goal was to disrupt websites and IT infrastructure. Now, they are increasingly engaging in espionage and sophisticated targeted attacks. This information is detailed in the report titled "Cyber Attack Trends in Industry and Telecom for 2025", published by Solar Group. The report is based on data from Anti-DDoS and WAF services, Solar 4RAYS sensor network statistics, and findings from cybersecurity analysis projects.

In the first quarter of 2025, the number of attacks per organization increased 3.2-fold compared to the end of 2024. In the industrial sector, the increase was more than fivefold, with an average of over 200 incidents reported for each enterprise. Sensors detected communication from malware to command-and-control servers, which helped identify various threats.

Within the industrial realm, the share of stealers—programs designed to steal information—increased by 24 percentage points, reaching 40%. Signs of APT group activity were identified in 19% of cases, up by 4 percentage points from previous figures. Remote access tools were found in 21% of incidents, botnets in 9%, and ransomware in 4%. Other threats included miners and phishing attacks.

In the telecommunications sector, APT group activity was the most frequently recorded category, accounting for 58% of all incidents, a 10 percentage-point rise from the fourth quarter of 2024. Remote access tools followed with 27%, and stealers represented 8%. Botnets, miners, phishing, and ransomware collectively made up another 7%.

Alexey Vishnyakov, Chief Technology Officer at the Solar 4RAYS Cyber Threat Research Center, explains that cybercriminals are increasingly infiltrating infrastructure to strike at the most opportune moments. He suggested that the rise in stealers may be linked to geopolitical factors, as many are seeking confidential information from industrial companies to gauge potential government actions.

At the same time, there has been a noticeable decline in DDoS attacks. From January to April, the average number of attacks on companies in the industrial sector dropped to 72, a 42% decrease from the previous year. In telecommunications, the number fell by 70%, totaling just 44. The duration of these attacks has also shortened: they now typically last 5 to 10 minutes, whereas previously they could extend for days or even months.

In February and March, experts observed sharp increases in attack power. In the industrial sector, this reached 106 Gbps, a tenfold increase, while in telecommunications it rose 2.5-fold to 508 Gbps. The most powerful attacks peaked at 1 Tbps, likely influenced by EU sanctions and the emergence of new, potent botnets.

There was also a decrease in web attacks targeting industrial company websites, dropping 18% to 5.8 million over four months. However, in April, SQL injection attempts increased by 75%; such attacks enable the theft of databases, documentation, and production information.

Vishnyakov emphasized that data theft and APT group attacks pose serious threats to major corporations. In telecommunications, these could disrupt supply chains and lead to covert attacks. He stressed the importance of not just implementing security measures, but also collaborating with experts who have a deep understanding of the industry.