Kaspersky warns telecom threats from 2025 will carry into 2026 as new technology adds new risk

A new chapter of the Kaspersky Security Bulletin looks at what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026. APT activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk.

In 2025, telecom operators faced four broad threat categories. Targeted intrusions (APT) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning. Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely used software and services can provide a path into operator networks. Finally, DDoS remained a practical availability and capacity problem.

Between November 2024 and October 2025, Kaspersky Security Network shows 12.79% of users in the telecommunications sector encountered web threats and 20.76% faced on-device threats. Over the same period, 9.86% of telecom organizations worldwide experienced ransomware.

At the same time, the telecommunications sector is moving from rapid technological development to broad implementation — and the report argues that this shift creates new opportunities and new operational risks for 2026. Kaspersky highlights three areas where technology transitions could introduce disruption if rolled out unevenly or without strong controls: AI-assisted network management, where automation can amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed deployment of hybrid and post-quantum approaches could cause interoperability and performance issues across IT, management and interconnect environments; and 5G-to-satellite integration (NTN), where expanding service footprints and partner dependencies introduce new integration points and potential failure modes.


“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
