Telecommunications sector threat landscape 2025: A Cyble Report

Cyble Research & Intelligence Labs has released its Telecommunications Sector Threat Landscape Report 2025, outlining how global telecom providers faced sustained and evolving cyber threats throughout the year. The analysis positions telecom networks as high-value targets due to their role as critical infrastructure and the commercial value of subscriber data.

The report documents how cybercriminals, ransomware operators, nation-state actors and hacktivist groups increasingly converged on the sector, exploiting technical weaknesses and operational scale.

Rising volume of telecom-focused threats

According to the findings, researchers observed 444 telecom-related threat incidents in 2025. These incidents highlight how compromised network access and stolen subscriber information continue to circulate within cybercrime ecosystems.

The study notes that subscriber Personally Identifiable Information remains a key monetisation driver, with customer data and access credentials traded across underground forums.

Ransomware activity accelerates

Ransomware emerged as a growing concern in the telecommunications sector threat landscape 2025. The report recorded 90 ransomware attacks targeting telecom organisations during the year, representing a four-fold increase compared with activity levels four years earlier.

A limited number of ransomware groups accounted for a significant share of incidents. Qilin, Akira and Play were collectively responsible for nearly 39 percent of observed ransomware attacks against telecom providers.

Geographically, 69 percent of ransomware activity was concentrated in the Americas, with the US identified among the most targeted regions.

Nation-state espionage expands

Beyond financially motivated attacks, the report highlights an increase in nation-state cyber espionage operations targeting telecom infrastructure. Activity linked to the China-associated Salt Typhoon campaign is cited as an example of long-term surveillance efforts.

These operations focused on maintaining persistent access to telecom networks, enabling surveillance and the theft of sensitive call records over extended periods.

Vulnerabilities and access markets

The analysis points to widespread exploitation of vulnerabilities in internet-facing infrastructure and edge devices. Specific vulnerabilities, including CVE-2025-0282 and CVE-2025-0283 linked to Ivanti systems, were observed across multiple telecom-related attacks.

Researchers also identified a mature underground market supporting these campaigns. Services related to initial access brokerage, SIM swapping and large-scale customer databases were found to be readily available, lowering the barrier for follow-on attacks.

Industry response and outlook

Commenting on the findings, Mandar Patil, Senior Vice President at Cyble, said, “In 2025, telecom providers faced a convergence of threats from ransomware and espionage to SIM swapping services and mass data leaks.”

He added that the rapid weaponisation of vulnerabilities has made proactive patching and continuous monitoring essential for telecom operators.

The telecommunications sector threat landscape 2025 report underscores how threat actors are adapting quickly to the sector’s scale and complexity, reinforcing the need for sustained vigilance across networks, systems and data environments.

Read More:

FITAG Tech EXPO Day 2: Cybersecurity threats took centre stage

FITAG Tech EXPO opens with strong industry participation on Day 1

Partner Pulse: Fortune Grecells | System Integrator, and Managed Service Provider (India)