Group-IB’s High-Tech Crime Trends Report 2025 exposes how global events fuel regional and local threats

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today the launch of its highly anticipated High-Tech Crime Trends Report 2025, offering a comprehensive analysis of the evolving cyber threat landscape. The report highlights how state-sponsored espionage, ransomware, underground marketplaces, and AI-driven cybercrime are feeding into one another, creating a self-sustaining cycle of digital threats.

Unravelling the Web of Cybercrime

Interconnectivity of cybercrime and geopolitics

The proliferation of Advanced Persistent Threats (APTs) has intensified global cyber risks, with a 58% increase in APT-attributed attacks recorded in 2024. In Europe, APT28 and Gamaredon focused on government, energy, and military sectors amid geopolitical tensions. The Middle East & Africa saw increased activity from the likes of OilRig and MuddyWater, targeting financial services and energy. Asia-Pacific faced threats from APT10, which attacked IT and manufacturing, while the notorious Lazarus Group intensified cryptocurrency theft, and DarkPink infiltrated government and military networks. North America was targeted by Dark Halo, which launched cyber espionage campaigns against IT, financial services, and defense sectors. In Latin America, APT10 expanded operations in Brazil, attacking telecommunications and financial institutions.

The intelligence and access gained through APT campaigns frequently serve as an entry point for broader cybercriminal activities. Initial Access Brokers (IABs), whose operations increased by 15% in 2024, facilitate this transition by selling compromised network access to the highest bidder. These illicit transactions often serve ransomware groups, financially motivated threat actors, and other criminal enterprises, allowing them to circumvent traditional security perimeters and escalate their attacks more efficiently.

This growing reliance on IABs has contributed to the expansion of ransomware operations, which remain among the most lucrative forms of cybercrime. Ransomware attacks increased by 10% in 2024, fueled by the Ransomware-as-a-Service (RaaS) model. Group-IB recorded a 44% rise in underground recruitment efforts for ransomware affiliates, demonstrating the industrialization of cyber extortion. In 2024 alone, 5,066 ransomware incidents resulted in data leaks on Dedicated Leak Sites (DLS), underscoring the widespread impact of these attacks on businesses and institutions worldwide.

The ramifications of ransomware extend beyond financial extortion. Data breaches and leaks, which saw 6.4 billion compromised records in 2024, have flooded cybercriminal marketplaces with sensitive information. Credentials, email addresses, and financial data are readily available for exploitation, further fueling cyber fraud, identity theft, and secondary attacks. The accessibility of such information has contributed to a surge in phishing attacks, which increased by 22% in 2024. Cybercriminals are now leveraging AI-generated deepfake technology to enhance the credibility of their phishing campaigns, making traditional detection mechanisms increasingly ineffective.

In parallel, hacktivist groups have escalated their cyber operations, often exploiting security vulnerabilities exposed by broader cybercriminal activity. Throughout 2024, politically motivated cyber actors engaged in Distributed Denial-of-Service (DDoS) attacks, website defacements, and large-scale data leaks, targeting entities aligned with geopolitical adversaries. India, in particular, emerged as a primary target, as its diplomatic stance on international conflicts provoked retaliatory cyber campaigns from various hacktivist factions.

“The High Tech Crime Trends report illustrates that cybercrime is not a series of random incidents—it is a chain reaction where each attack strengthens the next. Geopolitics is destabilized by espionage, which is fueled by data breaches, while at the same time ransomware exploits these breaches, all contributing to an ever-growing cyber threat landscape. Organizations must adopt proactive security strategies, fortify cyber resilience, and recognize that every cyber threat feeds into a larger, interconnected battle. To mitigate these threats, we must disrupt the cycle by enhancing cooperation and building a global framework to fight against cybercrime.”

Dmitry Volkov

CEO of Group-IB

To gain further insight into these findings, the full High-Tech Crime Trends 2025 report is available here.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses and citizens and to support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.