Cyble Research & Intelligence Labs (CRIL) has released its Telecommunications Sector Threat Landscape Report 2025, a comprehensive analysis of cyber threats impacting global telecom providers throughout 2025. The report identifies the telecommunications sector as a prime target for cybercriminals, ransomware operators, nation-state actors, and hacktivist groups, driven by the strategic value of critical infrastructure and the monetization potential of subscriber Personally Identifiable Information (PII).
Cyble’s researchers observed 444 telecom-related threat incidents during the year, underscoring how stolen subscriber data and compromised network access continue to be traded as commodities across cybercrime forums. The report also notes that ransomware attacks on telecom organizations have grown four-fold over the last four years, with 90 ransomware attacks recorded in 2025 alone, carried out by 34 distinct ransomware groups.
A small number of ransomware groups accounted for a disproportionate share of attacks. Qilin, Akira, and Play collectively drove nearly 39% of observed ransomware activity in the sector.
The report also highlights the increasing scale of nation-state cyber espionage, including activity linked to the China-associated Salt Typhoon campaign, which targeted telecom networks to enable long-term persistence and surveillance, including the theft of sensitive call records.
“In 2025, telecom providers faced a convergence of threats—from ransomware and espionage to SIM swapping services and mass data leaks,” said Mandar Patil, Senior Vice President at Cyble. “These attacks are increasingly enabled by the rapid weaponization of vulnerabilities in internet-facing infrastructure and edge devices, making proactive patching and continuous monitoring non-negotiable.”
Key Findings from the Report Include:
- 444 observed telecom threat incidents in 2025.
- 90 ransomware attacks targeting telecom organizations, up sharply since 2021.
- 69% of ransomware attacks concentrated in the Americas, with the U.S. among the most targeted regions.
- Widespread exploitation of vulnerabilities such as CVE-2025-0282/0283 (Ivanti) across multiple telecom attacks.
- A thriving underground market for initial access, SIM swapping services, and massive customer databases.
