Cyber Threats Escalate: Government Sector Under Siege
Cybercrime Surge Hits Government Sector Hardest in 2025
A recent analysis of cyberattack campaigns in 2025 revealed that government agencies faced the highest volume of attacks, with 274 campaigns targeting the sector. This finding is part of a broader report by HPE Threat Labs, which tracked 1,186 active campaigns across various industries between January 1 and December 31, 2025.
Targeted Sectors
The data shows that government agencies were the most targeted sector, followed by financial services with 211 campaigns, technology companies with 179, and defense with 98. Other sectors, such as manufacturing, telecommunications, healthcare, education, and transportation, also experienced significant attack volumes.
Emerging Threats
The surge in cyberattacks is attributed to the increasing use of artificial intelligence and automation by threat actors. Attackers are leveraging platforms like Telegram to coordinate automated workflows, enabling them to extract stolen data in real time. Additionally, the use of generative AI to create synthetic voices and deepfake videos has become more prevalent in targeted vishing attacks and executive impersonation scams.
Types of Campaigns
Ransomware was the leading type of campaign, accounting for 22% of all attacks. Infostealer activity represented 19%, followed by phishing at 17%. Remote Access Trojans (RAT) and malware accounted for 11% and 9%, respectively.
Scale of Malicious Activity
The report also highlights the scale of malicious activity, with 147,087 malicious domains, 65,464 malicious URLs, 57,956 malicious files, and 47,760 IP addresses identified. Attackers exploited 549 distinct vulnerabilities during the year. Telemetry from a global deception network recorded 44.5 million connection attempts from 372,800 unique source IP addresses.
Exploited Vulnerabilities
The most frequently exploited vulnerabilities included CVE-2017-17215, CVE-2023-1389, CVE-2014-8361, CVE-2017-9841, and CVE-2023-26801. Attack pattern data showed a focus on exposed services and known weaknesses, with digital video recorder (DVR) shell remote code execution (RCE) being the most common, followed by Huawei router exploits and Docker application programming interface (API) abuse.
Conclusion
The report’s findings underscore the need for organizations to prioritize cybersecurity and stay ahead of emerging threats. As attackers continue to innovate and scale their operations, it is essential for defenders to remain vigilant and proactive in their security efforts.
