Global threat landscape 2025: messy, crowded, yet deeply interconnected

Check Point Research analyzed cyberattacks observed globally in 2025 and identified features specific to different regions. A brief summary is is provided below, while examples of attacks are available in the article.

⭕ North and South America faced attacks from both high-end cybercrime and state-sponsored groups. The latter targeted the region with their most advanced techniques — exploiting 0-days, attacking cloud services, and running carefully crafted spear-phishing campaigns.

⭕ Europe remained a region with diverse attack motivations — from financial gain to disruption and political influence. The most aggressive activity was tied to the Russia–Ukraine conflict, but actors linked to China and Iran were also active. One campaign even shifted focus from the U.S. to European targets.

⭕ Asia Pacific and Central Asia spent the year under pressure from groups affiliated with China. Their primary goal was cyberespionage; other APT operations in the region have matured in terms of tradecraft and operational security.

⭕ Activity in the MENA region is defined by a complex threat landscape: state-backed APTs and cyber mercenaries (PSOAs) operate alongside destructive wiper attacks. Many campaigns were linked to regional conflicts — notably, activity from actors affiliated with Iran and Palestine targeted Israel.

Despite the diversity of observed activity, several common trends emerged: ✍ Growing interconnection among threat groups: state-sponsored APTs, PSOAs, and high-end criminals increasingly collaborate, sometimes even sharing their network infrastructure. ✍ Advanced techniques are no longer rare: 0-days, cloud attacks, and well-crafted phishing repeatedly featured in goal-driven campaigns. ✍ Fewer new tools — more creative use of known techniques: attackers keep their old tradecraft but adapt campaigns to new regions and objectives.

The blurring line between state-sponsored operations and broader cybercrime means that advanced techniques and complex attack scenarios are becoming the new normal. In this environment, effective defense is possible only through unified effort — companies, researchers, and vendors must strengthen data sharing, coordinate response, and collaboratively develop security measures.

💬 Discuss