Geopolitical Tension Fuels APT and Hacktivism Surge

Geopolitical instability drove an increase in state-backed advanced persistent threat (APT) attacks and hacktivism, as well as an increase in ransomware-as-a-service (RaaS) activity last year, according to Group-IB.

The threat intelligence specialist published its High-Tech Crime Trends 2025 report today based on proprietary research, intelligence gathering and real-world cybercrime investigations.

It revealed a 58% annual increase in state-sponsored APT incidents, with Europe (18%) seeing the biggest surge regionally, followed by MEA (4%).

Given that many of these attacks were fuelled by conflicts including Russia-Ukraine, it’s perhaps not surprising that government and military (16%) was the most targeted sector, followed by manufacturing (5%).

The same geopolitical tensions could explain an increase in hacktivism. APAC (39%) and Europe (36%) accounted for the majority of activity in 2024, with Ukraine the top target for such attacks in Europe, comprising 17% of its total.

Once again, government and military (6%) was the hardest-hit sector, followed by manufacturing (4%).

Read more on geopolitical activity: Geopolitical Tensions Drive Explosion in DDoS Attacks.

With many RaaS affiliates and developers sheltering in former Soviet states, an increase in activity here could also be linked to the geopolitical landscape. Group-IB recorded a 44% increase in ads seeking to recruit affiliates, and a 10% rise in data leak victims.

Elsewhere, Europe was also hammered by fraud in 2024. Group-IB detected over 200,000 fraudulent “resources” globally last year, a 22% year-on-year (YoY) increase. Europe’s financial services sector accounted for 34% of all scams in the region.

The Dark Web Rises

Fuelling all of this criminal activity is the work of initial access brokers (IABs) and the huge volumes of personal information and credentials flooding the dark web.

The report noted a 15% annual increase in IAB operations last year, rising to 32% in Europe and 43% in North America. Group-IB also claimed to have recorded a massive 6.4 billion data strings – including email addresses, passwords and financial data – that were leaked globally in 2024.

Interestingly, many of the old techniques continue to bear fruit. Phishing was the most common initial access vector in 2024, even as newer TTPs emerged. The number of deepfake services advertised on Telegram increased by 40%, for example.

Group-IB CEO, Dmitry Volkov, warned of the “relentless expansion” of the dark web economy.

“Cybercriminals are not just exploiting vulnerabilities – they are weaponizing geopolitical instability to cripple critical industries worldwide. APTs, data breaches, phishing and ransomware do not occur in isolation, they feed off each other, forming a vast, interconnected threat network,” he added.

“The need to build resilient cybersecurity communities and adopt advanced security strategies has never been more critical to fight these threats before they evolve further. There is no time to waste – organizations must take proactive steps now to stay ahead of malicious actors.”