A new chapter of the Kaspersky Security Bulletin looks at what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026. APT activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk.
In 2025, telecom operators faced four broad threat categories. Targeted intrusions (APT) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning. Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely used software and services can provide a path into operator networks. Finally, DDoS remained a practical availability and capacity problem.
Between November 2024 and October 2025, Kaspersky Security Network shows 12.79% of users in the telecommunications sector encountered web threats and 20.76% faced on-device threats. Over the same period, 9.86% of telecom organizations worldwide experienced ransomware.
At the same time, the telecommunications sector is moving from rapid technological development to broad implementation — and the report argues that this shift creates new opportunities and new operational risks for 2026. Kaspersky highlights three areas where technology transitions could introduce disruption if rolled out unevenly or without strong controls: AI-assisted network management, where automation can amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed deployment of hybrid and post-quantum approaches could cause interoperability and performance issues across IT, management and interconnect environments; and 5G-to-satellite integration (NTN), where expanding service footprints and partner dependencies introduce new integration points and potential failure modes.
“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren't going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
Read the full telecommunications chapter of the Kaspersky Security Bulletin 2025.
To reduce risk and strengthen resilience, Kaspersky experts recommend:
- Track the APT landscape and telecom-relevant infrastructure continuously. Kaspersky Threat Intelligence Portal helps to monitor actor and campaign context. Pair that intelligence with regular security awareness training so employees can recognize suspicious activity and apply security policies consistently.
- Treat AI-driven network automation as a change-management program. Keep a human override for high-impact actions, roll out in stages with clear rollback paths, and continuously validate the data feeding AI systems so noisy or manipulated inputs cannot trigger “confidently wrong” changes at scale.
- Increase DDoS readiness as a capacity-management problem. Validate upstream mitigation, protect edge routing, and monitor for congestion signals that precede customer impact. Use threat intelligence to enrich indicators and spot botnet infrastructure early.
- Deploy an EDR capability such as Kaspersky Next EDR Expert to detect advanced threats early, support rapid investigation, and enable effective incident containment and remediation.