Research Report
Threat Response ◦ New Trend

2025 Threat Landscape & 2026 Outlook Report

AhnLab has published its “2025 Threat Landscape & 2026 Outlook” report.


This report draws on security content delivered through AhnLab’s threat intelligence platform, AhnLab TIP, examining major security issues and trends from Q4 2024 through Q3 2025 and providing an outlook on cyber threats anticipated in 2026.



▶ Download Report


The report is structured as follows:


Part 1. 2025 Cyber Threat Landscape


The 2025 Cyber Threat Landscape section reviews:


  • major domestic and global security incidents
  • threat group trends
  • ransomware trends
  • other key threat trends
  • attack statistics



1. Major Domestic and Global Security Incidents

This chapter presents a chronological analysis of the major cyber incidents that occurred during the year, including domestic cases such as telecommunications breaches and ransomware infections in financial institutions, as well as global cases such as U.S. telecom-government–linked attacks and the ransomware attack on Japan’s Asahi Group.


2. Threat Group Trends

This section examines the top nine threat group trends observed on the dark web and provides detailed analyses of the attack patterns of major APT groups from six countries, including North Korea, China, and Russia.


3. Ransomware Trends

First, the report reviews notable developments in the ransomware landscape over the past year.

It also presents the Top 10 ransomware groups, along with statistical analysis of the industries and countries most significantly impacted.


4. Other Key Threat Trends

This chapter analyzes noteworthy trends across various threat categories—malware, attack techniques, vulnerabilities, and mobile threats—organized by topic.


5. Attack Statistics

This section provides statistical insights into the most prevalent attack types and industry-specific attack trends observed throughout the year.




Part 2. 2026 Outlook

The report highlights the Top 5 anticipated cyber threat trends for 2026, summarized below:


1. The Widespread Expansion of AI-Powered Cyberattacks

AI-driven, highly customized attacks and techniques targeting AI models themselves are expected to become more sophisticated.


2. Growth and Intensification of Ransomware Attacks

Fragmentation of the ransomware ecosystem—with numerous small groups operating and forming cartels—is expected to continue, with increasing attacks particularly targeting small and medium-sized businesses.


3. Supply Chain Attacks Exploiting the Open-Source Ecosystem

Attackers will continue to exploit the open-source ecosystem, carrying out supply chain attacks across software, cloud, hardware, and other domains.


4. Increasing Threats to National Critical Infrastructure

Escalating geopolitical tensions are expected to result in more frequent attacks on national critical infrastructure. As IT and OT converge, CPS (Cyber-Physical System) security will become even more crucial.


5. Rising Linux Threats

Linux servers—home to critical business data—will remain prime targets in 2026. As threats to national infrastructure increase, Linux threats will likely grow in parallel.




For a complete analysis, please refer to the full report below:


▶ Download Report