Espionage and financial gain became the main targets of hacker attacks in 2025
- Новости
- Internet and technology
- Espionage and financial gain became the main targets of hacker attacks in 2025
In the first half of 2025, espionage and financial gain became the main targets of professional hackers in almost 90% of attacks, while the share of hacktivism is gradually decreasing, but still poses a serious threat. Such conclusions follow from the report on the chronicles of targeted cyber attacks in the first half of 2025, prepared by experts from the Solar 4RAYS Cyber Threat Research Center of Solar Group, the architect of integrated cybersecurity. The data was reviewed by Izvestia on August 8.
According to the report, the majority of investigations (68%) were related to espionage attacks, which is 7 percentage points more than in the same period of 2024. The share of malicious activity aimed at extortion or mining cryptocurrencies also increased by 8 percentage points year-on-year, to 20%.
"In turn, the number of hacker attacks aimed at attracting attention (including the destruction of infrastructure and the publication of stolen databases) decreased by 4 percentage points, to 8%.For comparison: Back in 2023, this figure was 35%," the company said.
According to experts, these statistics indicate a change in the priorities of hackers. Their interest is now focused not only on high-profile hacking cases, but also on extracting financial resources and valuable information about the work of large Russian companies, especially in the changing geopolitical situation.
In the first half of the year, the number of attacked sectors decreased by 40% compared to last year, amounting to only six sectors: the public sector (36% of all investigations), industry (20%), IT (12%), medicine (12%), energy (12%) and retail (8%). At the same time, the share of attacks on government organizations increased by 5 percentage points, and on industrial enterprises — by 11 percentage points.
In addition, there have been cases when several hacker groups attacked the same organization simultaneously, each pursuing its own goals. This indicates that attackers are now choosing for their attacks the most attractive organizations from key sectors that have a direct impact on the economy and security of the country and its citizens.
In most cases (46%), hackers used web application vulnerabilities to carry out attacks, in 40% of cases — compromised accounts. 7% of the incidents investigated started with phishing, and the same number of attacks were related to interactions through suppliers, contractors, or customers. Although the majority of attacks (32%) lasted no more than a week, there is a tendency to increase the time during which attackers remain in the target infrastructure.
So, in the first half of the year, the share of incidents lasting up to a month increased by 7 percentage points, to 16%, and attacks lasting up to two years — by 10 percentage points, also to 16%.
"In the first half of the year, APT groups demonstrated a more focused approach to victim selection - now they attack only the most valuable organizations from the point of view of espionage, both for political purposes and to sell stolen data on the black market," explained Ivan Syukhin, head of the incident investigation group at the Solar 4RAYS Research Center, Solar Group.
Earlier, on July 7, it was reported that scammers on Telegram began using the new "suggested posts" feature in order to send phishing links to owners of major channels, disguising them as interesting content. The main trick is to offer the administrator a generous fee so that he wants to explore the details via a link that leads to a phishing resource.
All important news is on the Izvestia channel in the MAX messenger.
Переведено сервисом «Яндекс Переводчик»
