2025 Threat Landscape & 2026 Outlook Report
AhnLab has published its “2025 Threat Landscape & 2026 Outlook” report.
This report draws on security content delivered through AhnLab’s threat intelligence platform, AhnLab TIP, examining major security issues and trends from Q4 2024 through Q3 2025 and providing an outlook on cyber threats anticipated in 2026.
The report is structured as follows:
Part 1. 2025 Cyber Threat Landscape
The 2025 Cyber Threat Landscape section reviews:
- major domestic and global security incidents
- threat group trends
- ransomware trends
- other key threat trends
- attack statistics

1. Major Domestic and Global Security Incidents
This chapter presents a chronological analysis of the major cyber incidents that occurred during the year, including domestic cases such as telecommunications breaches and ransomware infections in financial institutions, as well as global cases such as U.S. telecom-government–linked attacks and the ransomware attack on Japan’s Asahi Group.
2. Threat Group Trends
This section examines the top nine threat group trends observed on the dark web and provides detailed analyses of the attack patterns of major APT groups from six countries, including North Korea, China, and Russia.
3. Ransomware Trends
First, the report reviews notable developments in the ransomware landscape over the past year.
It also presents the Top 10 ransomware groups, along with statistical analysis of the industries and countries most significantly impacted.
4. Other Key Threat Trends
This chapter analyzes noteworthy trends across various threat categories—malware, attack techniques, vulnerabilities, and mobile threats—organized by topic.
5. Attack Statistics
This section provides statistical insights into the most prevalent attack types and industry-specific attack trends observed throughout the year.
Part 2. 2026 Outlook
The report highlights the Top 5 anticipated cyber threat trends for 2026, summarized below:
1. The Widespread Expansion of AI-Powered Cyberattacks
AI-driven, highly customized attacks and techniques targeting AI models themselves are expected to become more sophisticated.
2. Growth and Intensification of Ransomware Attacks
Fragmentation of the ransomware ecosystem—with numerous small groups operating and forming cartels—is expected to continue, with increasing attacks particularly targeting small and medium-sized businesses.
3. Supply Chain Attacks Exploiting the Open-Source Ecosystem
Attackers will continue to exploit the open-source ecosystem, carrying out supply chain attacks across software, cloud, hardware, and other domains.
4. Increasing Threats to National Critical Infrastructure
Escalating geopolitical tensions are expected to result in more frequent attacks on national critical infrastructure. As IT and OT converge, CPS (Cyber-Physical System) security will become even more crucial.
5. Rising Linux Threats
Linux servers—home to critical business data—will remain prime targets in 2026. As threats to national infrastructure increase, Linux threats will likely grow in parallel.
For a complete analysis, please refer to the full report below:
