Kaspersky Security Bulletin reviews what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026. Advanced Persistent Threat (APT) activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk.
In 2025, telecom operators faced four broad threat categories. Targeted intrusions (APTs) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning. Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely used software and services can provide a path into operator networks. Finally, DDoS remained a practical availability and capacity problem.
Kaspersky Security Network showed that last year, between November 2024 and October 2025, 12,79% of users in the telecommunications sector encountered web threats and 20,76% faced on-device threats. 9,86% of telecom organisations worldwide experienced ransomware.
At the same time, the telecommunications sector is moving from rapid technological development to broad implementation — and the report argues that this shift creates new opportunities and new operational risks for 2026. Kaspersky highlights three areas where technology transitions could introduce disruption if rolled out unevenly or without strong controls: AI-assisted network management, where automation can amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed deployment of hybrid and post-quantum approaches could cause interoperability and performance issues across IT, management and interconnect environments; and 5G-to-satellite integration (NTN), where expanding service footprints and partner dependencies introduce new integration points and potential failure modes.
“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration. Telecom operators need visibility across both dimensions: maintaining strong defences against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky Global Research & Analysis Team.
To reduce risk and strengthen resilience, Kaspersky experts recommend:
- Track the APT landscape and telecom-relevant infrastructure continuously. Kaspersky Threat Intelligence Portal helps to monitor actor and campaign context, and pair that intelligence with regular security awareness training so employees can recognise suspicious activity and apply security policies consistently.
- Treat AI-driven network automation as a change-management programme. Keep a human override for high-impact actions, roll out in stages with clear rollback paths, and continuously validate the data feeding AI systems so noisy or manipulated inputs cannot trigger “confidently wrong” changes at scale.
- Increase DDoS readiness as a capacity-management problem. Validate upstream mitigation, protect edge routing, and monitor for congestion signals that precede customer impact. Use threat intelligence to enrich indicators and spot botnet infrastructure early.
- Deploy an EDR capability such as Kaspersky Next EDR Expert to detect advanced threats early, support rapid investigation, and enable effective incident containment and remediation.
For more information read the full telecommunications chapter of the Kaspersky Security Bulletin 2025.
