Report by Trellix

The CyberThreat Report: April 2025

10 FINDINGS
Published Apr 29, 2025

Key Findings

Of APT activity directed at the U.S., 47% was attributed to China and 35% to Russia-aligned groups.

APT, US, China, Russia

AI-based tools for sale in the cybercriminal underground were found for as little as 30 cents USD.

APT, AI

The technology sector saw a 119% increase in APT-related detections in Q1 2025 compared to Q4 2024.

APT, Technology

Global threat detection volume from APT actors rose 45% from Q4 2024 to Q1 2025.

APT

China-aligned APT41 showed a 113% increase in activity in Q1 2025 relative to the previous quarter.

APT, China, APT41

Advanced persistent threat (APT) detections targeting the U.S. in Q1 2025 were 2.4 times, or 136% higher than, the level seen in the prior quarter.

APT, US

China's APT40 and Mustang Panda generated 46% of all detected APT activity.

APT, China, APT40, Mustang Panda

Russia-aligned APT29 (Midnight Blizzard) directed most of its activities towards transportation and shipping (55%) and telecommunications (40%).

APT, Midnight Blizzard, Shipping, Telecommunications, Transportation

APT detections targeting the telecommunications sector increased 92% in Q1.

APT, Telecommunication

The U.S. was the reported victim in 58% of ransomware posts.

APT, Ransomware