Telcos see surge in ransomware and espionage in 2025

Cyber threats against telecoms providers intensified in 2025, with ransomware attacks rising sharply and stolen customer data and network access increasingly traded in underground markets, according to a report released by threat intelligence firm.

Cyble Research and Intelligence Labs said it recorded 444 telecom-related threat incidents during the year, arguing that the sector has become a prime target for cybercriminals, ransomware operators, hacktivist groups and state-backed actors because of its role as critical infrastructure and the value of subscriber personally identifiable information.

Ransomware attacks on telecom organisations have increased four-fold since 2021, the report said, with 90 ransomware incidents logged in 2025 carried out by 34 separate ransomware groups.

Advertisement

‹

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

A small number of groups accounted for a large share of activity, Cyble said, with Qilin, Akira and Play together responsible for nearly 39% of observed ransomware attacks in the sector.

The report said 69% of ransomware attacks were concentrated in the Americas, with the United States among the most targeted markets.

Cyble said the threat landscape also included a rise in the exploitation of vulnerabilities in internet-facing infrastructure and edge devices, which can give attackers a foothold in carrier environments and supply chains. It cited widespread abuse of vulnerabilities such as CVE-2025-0282 and CVE-2025-0283 affecting Ivanti systems across multiple telecom attacks.

“In 2025, telecom providers faced a convergence of threats, from ransomware and espionage to SIM swapping services and mass data leaks,” said Mandar Patil, senior vice president, Cyble.

“These attacks are increasingly enabled by the rapid weaponisation of vulnerabilities in internet-facing infrastructure and edge devices, making proactive patching and continuous monitoring non-negotiable,” Patil said.

Growing scale of cyber espionage targeting telecom networks

The report flagged what it described as a thriving underground trade in initial access to telecom environments, SIM swapping services and large customer databases, arguing that compromised access and stolen data are being treated as commodities across cybercrime forums.

The report also pointed to the growing scale of cyber espionage targeting telecom networks, including activity it linked to the China-associated Salt Typhoon campaign. Such operations aim to maintain long-term persistence for surveillance and can include theft of sensitive call records, the report said.

Cyble said telecom operators should prioritise faster patching, stronger monitoring and improved resilience to counter threats that can disrupt services and expose sensitive customer and network data.