A new chapter of the Kaspersky Security Bulletin looks at what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026. APT activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk, a press release said.
In 2025, telecom operators faced four main threat categories. APT-driven intrusions targeted operator environments for stealthy, long-term access and strategic leverage, while supply-chain vulnerabilities in complex vendor ecosystems continued to provide entry points into core networks. DDoS attacks also remained a practical challenge, disrupting network availability and capacity.
Data from Kaspersky Security Network underscores the scale of telecom exposure. Between November 2024 and October 2025, 12.79% of users encountered web-based threats, 20.76% faced on-device threats, and 9.86% of telecommunications organizations worldwide experienced ransomware incidents. In 2025, threat activity also affected 32.18% of Windows users and 27.81% of macOS users in the telecommunications sector, highlighting the continued financial and operational impact of cybercrime across platforms.
As the telecommunications sector moves from rapid development to large-scale implementation, the report warns that new opportunities also bring heightened operational risk in 2026. Kaspersky highlights three transition areas that could introduce disruption without strong controls: AI-assisted network management, where automation can magnify configuration errors or misleading data; post-quantum cryptography, where rushed hybrid deployments may create interoperability and performance issues; and 5G-to-satellite integration (non-terrestrial networks, NTN), which expands service reach but adds new dependencies and potential failure points.
“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
The full telecommunications chapter is available in the Kaspersky Security Bulletin 2025.
To reduce risk and strengthen resilience, Kaspersky experts advise telecom operators to continuously monitor the APT landscape and critical infrastructure using threat intelligence, supported by regular security awareness training. AI-driven network automation should be treated as a structured change-management process, with human oversight for high-impact actions, phased rollouts, and continuous validation of input data. Operators are also encouraged to strengthen DDoS readiness by validating upstream mitigation, protecting edge routing, and monitoring early congestion signals, while deploying advanced endpoint detection and response (EDR) capabilities to enable early threat detection, rapid investigation, and effective incident containment.


