Cybercriminals are rapidly adopting AI-powered tools while nation-state hackers increasingly collaborate with financially motivated groups, according to Trellix's latest threat report covering April-September 2025.
The industrial sector bore the brunt of attacks, accounting for 36.57% of all ransomware victims. Qilin emerged as the dominant ransomware group after RansomHub's collapse, responsible for 441 victim posts and showing a clear preference for industrial targets.
The report documented the first AI-powered infostealer, LameHug, attributed to Russian APT28 hackers. This malware uses large language models to generate dynamic attack commands, marking a significant shift from theoretical AI threats to operational weapons.
Geopolitical tensions drove cyber activity spikes, particularly during Taiwan Strait military exercises in April and Israel-Iran conflicts in June. PowerShell remains the top attack vector, used in 77.7% of ransomware campaigns.
Source: Industrial Cyber