Dive Brief:
- The volume of ransomware attacks on telecommunications companies around the world increased fourfold from 2022 to 2025, according to a report that the threat intelligence firm Cyble published this week.
- Cyble also identified 444 incidents involving data theft from telecom firms, including 133 listings of stolen databases that could contain sensitive customer data or operational information.
- Businesses in multiple industries closely track the security posture of the telecom sector because of their need for secure and resilient communications.
Dive Insight:
The nearly fourfold spike in ransomware attacks on the telecom sector — from 24 in 2022 to 90 in 2025 — reflects the industry’s continuing value to cybercriminals because of “its role as critical national infrastructure and its access to high-volume subscriber data,” Cyble said in its report.
Hackers mostly targeted telecom firms to resell customer data or gain a strategy edge over adversary nations, according to the report. The sector also made a tempting target because of its “frequent exposure through internet-facing infrastructure and third-party service dependencies.”
“These various attacks were frequently enabled by the rapid weaponization of critical and zero-day vulnerabilities in internet-facing network equipment,” Cyble said in its report, “while geopolitically motivated hacktivism added another layer of disruption through DDoS attacks and website defacements.”
A handful of major cybercrime gangs conducted most of the ransomware attacks in 2025, the report found, with Qilin leading the pack, followed by Akira and Play. Major victims last year included the British telecom giant Orange, which announced a network disruption in July. Roughly 70% of attacks in 2025 targeted companies in the Americas, according to the report, followed by Europe, the Asia-Pacific region and the Middle East and Africa.
The report offered several examples of cybercriminals selling stolen databases, including a late-2025 dark web post asking $4,000 for administrator credentials to a major U.S. telecom firm’s infrastructure. In another incident, the DragonForce ransomware gang claimed to have stolen more than five terabytes of data from a major U.S. telecom firm, although it did not provide evidence of its claim.
Nation-state hackers have also persistently targeted telecom companies. Government and industry investigators are still unpacking the extent of China’s global Salt Typhoon intrusions, which compromised customer data and information about U.S. wiretap targets.