Skip to main content
HomeTopicsThreat Actors

Threat Actors

Cybersecurity statistics about threat actors

Showing 1-20 of 44 results

More than half of SafePay's ransomware activity in Europe targeted German organisations.

Black Kite6/28/2026
RansomwareGermany

The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.

Black Kite6/28/2026
RansomwareGeographic Distribution

Qilin was responsible for 59 finance-sector incidents in the past year.

Black Kite6/6/2026
RansomwareQilin

Least-skilled threat actors used about 16 distinct techniques on average, while the most skilled used about 20.

Anthropic6/6/2026
TacticsAI in Cybercrime

The number of distinct threat groups targeting finance increased from 37 in 2023 to 45 in 2024 and to 48 in 2025.

Black Kite6/6/2026
Financial Services

The share of actors classified as medium risk or higher increased from 33% in the first six-month period to 56% in the second six-month period, a roughly 1.7-fold increase.

Anthropic6/6/2026
Risk AssessmentAI in Cybercrime

79 ransomware groups claimed victims during Q1 2026.

BlackFog5/27/2026
Ransomware

In 2025, cybercriminal groups led threat activity in North America with 52%.

Cognyte5/27/2026
North America

The Gentlemen ransomware group increased from 35 victims in Q4 2025 to 182 victims in Q1 2026.

GuidePoint Security5/27/2026
RansomwareRaaS

Activity from the Qilin ransomware group declined by 25% and activity from the Akira ransomware group declined by 22%.

GuidePoint Security5/27/2026
RansomwareRaaS

In 2025, the Qilin group was responsible for 12.8% of ransomware attacks.

Cognyte5/27/2026
RansomwareQilin

129 ransomware groups were active during 2025.

Ontinue5/27/2026
RansomwareRansomware Groups

Threat actors deployed more than 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities in 2025.

2026 In the Wild Threat Report5/27/2026
Malicious DomainsMalware

Median dwell time for cyber espionage incidents and North Korean IT worker incidents was 122 days.

Mandiant5/27/2026
Cyber EspionageDwell Time

AI-related illicit discussions increased by 1,500% between November and December 2025.

Flashpoint5/27/2026
Artificial IntelligenceCybercrime

AI-enabled adversaries increased their operations by 89% year-over-year.

CrowdStrike5/27/2026
AI-Enabled AdversariesAI

95% of Chief Information Security Officers (CISOs) cite the growing sophistication of threat actor capabilities as their greatest risk.

Splunk5/27/2026
Cybersecurity Risk

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

Nozomi Networks2/22/2026
RansomwareScattered Spider

71% of incidents in the Automotive and Smart Mobility ecosystem are attributed to black hat actors, up from 65% in 2024.

Upstream2/22/2026
Black Hat ActorsAutomotive

The hacktivist group NoName057 (16) claimed 4,693 attacks, the highest number claimed by a single hacktivist entity.

Radware Ltd.2/22/2026
HacktivismNoName057 (16)