The share of the introduction of APT groups in Russian companies has grown to 35%

By November 2025, the share of the introduction of malicious software by professional hacker groups in the infrastructures of Russian companies increased to 35%, which is 10 percentage points more than in the second quarter. Experts from Solar Group of Companies, the architect of integrated cybersecurity, told Izvestia about this at the SOC Forum.

So, in the fourth quarter of 2024, each company faced 40 infections of VPO compared to 99 in October 2025. This indicator may grow again by the end of the year, because attackers, especially financially motivated ones, are more active before sales, New Year's Eve and subsequent holidays.

In the third quarter, hackers more often tried to attack organizations from the fields of industry (27% of sensor developments, -5 percentage points compared to the 2nd quarter), fuel and energy sector (17%, + 6 percentage points), healthcare (17%, -1 percentage points) and government agencies (13%, + 6 percentage points). Fewer infections were recorded in IT companies (11%), educational organizations (10%), the credit and financial industry (4%) and telecom (1%).

At the same time, in October 2025, the share of infections in the military—industrial complex increased to 30%, in healthcare — to 29%, and in government agencies - to 26%. The remaining infections occurred in industry (6%), education (4%) and other sectors.

Most of them accounted for indicators of the presence of APT groups (32% in the 3rd quarter, +7 percentage points compared to the 2nd quarter), stealer programs for stealing confidential information (30%, -8 percentage points) and RAT tools for obtaining remote access to the company's IT systems-victims (24%, + 5 percentage points). In October 2025, the share of professional hackers increased to 36%, the share of stylers increased to 32%, and the RAT remained at about the same level and amounted to 23%.

Experts explain the growing trend in RAT by hackers' desire to manage the attacked systems of victims and monetize attacks — for example, using such means, access to hacked infrastructures can be sold on the black market. At the same time, APT groups continue to increase their activity - this is happening against the background of recent geopolitical events, which make Russian organizations even more interesting for professional hackers working for foreign countries.

Hacking with penetration: the State Duma intends to regulate the activities of "white hackers"

Parliamentarians have prepared a package of bills aimed at this

In early November, Sergey Grachev, Deputy director of the Metallurgy and Materials Department, told Izvestia that more than half of cyber attacks begin with phishing. Even with advanced security systems, the human factor remains the deciding factor: an employee opens a malicious email, and the infection occurs inside the corporate perimeter.