Positive Technologies reports Russia among the top three countries facing the highest volume of cyberattacks

According to research by Positive Technologies, Russia was one of the three most frequently targeted countries for cyberattacks in 2025, alongside the United States and China. Researchers recorded the activity of 57 cybercrime groups targeting CIS nations. The primary objectives of these threat actors remained data exfiltration, industrial espionage, sabotage, and financial gain. Furthermore, cybercriminals actively leveraged artificial intelligence and unconventional tools to generate phishing campaigns and deepfakes during their attacks.

The majority of all cyberattacks in the CIS region targeted three countries: Russia (46%), Belarus (11%), and Kazakhstan (8%). Experts attribute this concentration to regional geopolitical dynamics, the scale of economic activity, and population size. Advanced persistent threat (APT) groups were the most frequent attackers in the CIS, with hacktivists accounting for just 19% of the region's incidents. This distribution occurs because politically motivated threat actors are often either subordinated to state-sponsored groups or displaced by them, effectively acting as proxies.

In 2025, Positive Technologies experts tracked 123 cybercrime groups operating across the CIS region, 57 of which were active in Russia. The most prolific threat actors included Rare Werewolf, Lifting Zmiy, PhantomCore, Cyber Partisans, Silent Crow, and TA558. Their primary targets were industrial enterprises, government agencies, and financial institutions, with these three sectors accounting for nearly 50% of all attacks. Notably, the industrial sector was targeted by the majority of the active groups. The impact of these cybercrimes varied widely, ranging from massive data breaches to the direct disruption of critical infrastructure.

Figure: APT group and hacktivist attacks across various industries in the CIS in 2025

In 2025, phishing and the exploitation of public-facing applications remained the leading initial access vectors globally. Notably, threat actors increasingly leveraged artificial intelligence to craft highly convincing phishing lures and generate malware. For instance, the Rare Werewolf threat group deployed custom, AI-developed malicious modules in targeted attacks against the aviation and radio manufacturing sectors. The fallout from these intrusions extends beyond data theft, often resulting in cryptojacking, where attackers hijack corporate computing resources to mine cryptocurrency undetected. Similarly, the Goffee cybercrime syndicate utilized neural networks to facilitate attacks on Russian defense contractors.

"To evade the signature-based security tools prevalent in the region, threat actors disguised malware as legitimate files with common extensions, obfuscated their code, and established persistence using the registry or task scheduler. They primarily relied on command-line interpreters to execute malicious scripts. Furthermore, several groups incorporated environment checks into their payloads to evade sandbox detection. These findings highlight a growing sophistication among attackers, indicating that defensive strategies require a comprehensive overhaul. To mitigate the risk of targeted attacks, organizations must proactively hunt for threats, conduct realistic security testing, and continuously train their teams."

Artem Beleii, Senior Analyst at the International Analytics Group at Positive Technologies

Experts anticipate that the elevated activity of APT groups and hacktivists in the region will persist throughout 2026. Even if current conflicts de-escalate, threat actors are expected to pivot their focus toward industrial espionage and intelligence gathering. Cybercriminals will heavily leverage vast troves of previously compromised credentials to launch new unauthorized access attempts. Additionally, major public events scheduled to take place across the CIS countries in 2026 are likely to broaden the attack surface.

Against this backdrop, the CIS cybersecurity market is poised for robust growth. Industry forecasts project a compound annual growth rate (CAGR) of 5.97% between 2024 and 2029, with the market's total value expected to reach $5.52 billion by the end of the forecast period.