Summary: According to Cyble’s 2025 threat landscape report, ransomware attacks aimed at the telecom sector have grown four-fold since 2021. In 2025, Cyble documented 444 security incidents affecting the sector, including 90 confirmed ransomware attacks. The most prominent ransomware groups were Qilin, Akira, and Play, which accounted for 39% of all observed incidents. Beyond financially motivated attacks, Cyble noted persistent nation-state and espionage-focused activity against telecom providers. In particular, the China-linked group Salt Typhoon posed a persistent threat, infiltrating telecom providers for long-term espionage by exploiting critical vulnerabilities in network-edge devices from vendors like Cisco and Fortinet. Hacktivists motivated by geopolitical agendas also contributed to the disruption of telecom providers in 2025. Notably, pro-Russian groups claimed intrusions into Ukrainian telecommunication infrastructure, using Distributed Denial-of-Service (DDoS) attacks, website defacements, and data leaks as part of broader ideological campaigns.
Security Officer Comments: Although not as frequently targeted as other sectors, the telecommunication sector remains a high-value target for cybercriminals, ransomware operators, and hacktivist groups due to its role as critical national infrastructure and its access to high-volume subscriber data. In 2025, threat activity against telecom organizations was driven by the monetization potential of subscriber Personally Identifiable Information (PII), the strategic leverage of telecom operations in geopolitical conflicts, and the sector’s frequent exposure through internet-facing infrastructure and third-party service dependencies. As we head into 2026, telecom organizations are expected to face continued ransomware activity, ongoing nation-state espionage, and increased abuse of stolen network access and customer data. These threats, combined with supply-chain weaknesses and unpatched vulnerabilities, will keep the sector under pressure, making basic cyber hygiene, timely patching, and continuous monitoring essential for reducing risk.
Link(s): https://www.cybersecuritydive.com/news/telecom-ransomware-spike-cyble/809224