Hacktivists and cybercriminals have increasingly focused on industrial control systems, operational technology, and AI environments, according to Cyble Research & Intelligence Labs. Exposed human-machine interface and SCADA systems remain primary targets, while enterprise AI platforms face exploitation through prompt injection, memory poisoning, and compromised supply chains. These tactics are transforming AI-driven automation into a significant attack vector, merging traditional cybercrime techniques with modern automation vulnerabilities.
Ransomware has emerged as the most disruptive threat, spreading across critical sectors and frequently adopting extortion-only models. Integration with AI has enhanced the speed and sophistication of attacks, enabling automated negotiations, polymorphic malware, and adaptive intrusion chains. Attack campaigns have blended technical and social engineering techniques, combining multi-stage phishing, SEO poisoning, and malvertising with AI-generated deepfake lures and advanced malware. Cyble reported approximately 10,000 new members joining DarkForums monthly since mid-2025, with concurrent user activity approaching levels seen on larger platforms like BreachForums.
The escalation of attacks on ICS and OT systems was underscored by 2,451 vulnerabilities disclosed by 152 vendors between December 2024 and November 2025. Hacktivist groups, including Z-Pentest, Dark Engine, and Sector 16, targeted HMIs, web-based SCADA interfaces, and increasingly building management and IoT devices. Europe experienced high concentrations of activity from pro-Russian hacktivist groups, affecting Spain, Italy, the Czech Republic, France, Poland, and Ukraine. The targeting pattern reflects a shift toward exploiting operational systems directly, with VNC compromises posing serious operational risks for industrial environments.
Ransomware activity surged 355 percent between 2020 and 2025, with nearly 6,500 incidents reported in 2025. Cyble identified 57 new ransomware groups, 27 extortion-only operations, and more than 350 new ransomware strains, including MedusaLocker, Chaos, and Makop derivatives. Multiple ransomware groups repeatedly targeted the same victims, indicating affiliate operations across several RaaS platforms. Prominent recurring targets included entities hit by Cl0p, Qilin, Lynx, INC Ransom, Play, LockBit, and Crypto24. Despite intensified law enforcement actions, insider recruitment and EaaS rebranding persisted, highlighting the adaptability of ransomware operations.
Critical sectors such as semiconductor manufacturing, healthcare, telecom, and logistics continued to experience high-impact attacks. Semiconductor facilities in Taiwan and the U.S. faced sustained targeting, while hospitals and telecom providers experienced repeated attacks that exposed sensitive data and increased extortion pressure. Vulnerabilities affecting transportation and logistics, including EV charging, fueling, fleet management, and rail systems, revealed operational and safety risks. Flaws in platforms like Dover Fueling Solutions ProGauge MagLink, Kaleris Navis N4, and Radiometrics VizAir could enable unauthorized system control, posing threats to global logistics, rail safety, and EV infrastructure.
The phishing landscape also evolved, with platform abuse, industrial-scale kits, and exploitation of cloud and OAuth authentication flows becoming dominant. Phishing-as-a-service platforms and modern kits like Lighthouse, Lucid, Sneaky2FA, and Axios have industrialized attacks, enabling low-skill operators to conduct global campaigns. Supply chain attacks expanded beyond traditional software poisoning to target cloud integrations, SaaS trust networks, and vendor pipelines, highlighting how a single weak link can compromise numerous downstream organizations. The trends underscore a growing convergence of technical sophistication, AI exploitation, and cross-sector targeting across critical infrastructure.