Kaspersky Security Bulletin reviews what shaped telecom cybersecurity in 2025 and what is likely to persist in 2026.
Advanced Persistent Threat (APT) activity, supply-chain compromise, DDoS disruption and SIM-enabled fraud continued to pressure operators in 2025, while newer technology deployments introduce additional operational risk.
In 2025, telecom operators faced four broad threat categories. Targeted intrusions (APTs) continued to focus on gaining stealthy access to operator environments for long-term espionage and leverage through privileged network positioning.
Supply chain vulnerabilities remained an entry point: telecom ecosystems rely on many vendors, contractors and tightly integrated platforms, so weaknesses in widely used software and services can provide a path into operator networks. Finally, DDoS remained a practical availability and capacity problem.
Kaspersky Security Network showed that last year, between November 2024 and October 2025, 12,79% of users in the telecommunications sector encountered web threats and 20,76% faced on-device threats. 9,86% of telecom organisations worldwide experienced ransomware.
At the same time, the telecommunications sector is moving from rapid technological development to broad implementation — and the report argues that this shift creates new opportunities and new operational risks for 2026.
Kaspersky highlights three areas where technology transitions could introduce disruption if rolled out unevenly or without strong controls: AI-assisted network management, where automation can amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed deployment of hybrid and post-quantum approaches could cause interoperability and performance issues across IT, management and interconnect environments; and 5G-to-satellite integration (NTN), where expanding service footprints and partner dependencies introduce new integration points and potential failure modes.
“The threats that dominated 2025 — APT campaigns, supply chain attacks, DDoS floods — aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography, and satellite integration.
Telecom operators need visibility across both dimensions: maintaining strong defences against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky Global Research & Analysis Team.
