51% of threat actor updates in H1 2025 were attributed to cybercriminals, such as ransomware groups.

40% of threat actor updates in H1 2025 were attributed to state-sponsored groups.

9% of threat actor updates in H1 2025 were attributed to hacktivists.

Qilin saw a significant rise in Q2 2025 with 151 attacks, up from 95 attacks in Q1.

SafePay dropped to fourth place of most active threat groups in June 2025 with 27 attacks.

The Handala ransomware group, a pro-Palestine group, targeted 17 Israeli organisations between 14th and 30th June 2025. These attacks coincided with the 12-day Iran-Israel war.

Qilin was the most active threat group in June 2025, responsible for 16% of all attacks, which amounted to 60 cases.

Qilin ranked as the third most active threat group in May 2025 with 42 attacks.

Play dropped to third place of most active threat groups in June 2025 with 29 attacks.

Akira was the second most active threat group in June 2025, with 31 attacks, rising from fourth place in May.

In El Salvador, threat actors make 20x more targeting gaming companies compared to those working as software developers.

The top countries of origin of attacks are the United States, Vietnam, Great Britain, Germany, and Thailand.

A 48% spike in sign-up attacks occurred in the third quarter of 2024, aligning with major events like the Super Bowl and U.S. elections.

A single bad actor targeting just 5 gaming platforms with account takeover scams can pocket an average of US$145,176.

The top three attack points used are account sign-up, sign-in, and account management

Five of the most targeted industries are technology, social media, gaming, retail, and fintech.

During the busy holiday shopping season in the fourth quarter of 2024, sign-up attacks jumped 309%.

4 out of top 10 vulnerabilities most mentioned on the dark web are linked to sophisticated threat actors.