Government and industrial organizations were the primary targets of high-severity cyber incidents in 2025, according to findings from Kaspersky’s report. The government sector accounted for 19% of incidents for the second consecutive year, followed by the industrial sector at 17% , while the IT sector ranked third at 15%, replacing finance among the top three targeted industries.
Kaspersky: Cyberattacks Target Governments Primarily
Within the government sector, advanced persistent threats (APT) represented 33.3% of incidents, while social engineering accounted for 18.9% of cases. In particular, threat intelligence data identified activity from hacking groups such as Lazarus, Naikon, and ToddyCat – some of which are potentially state-backed – targeting government networks, infrastructure, and enterprise systems in the Southeast Asia region.
In the industrial sector, incidents were more evenly distributed across threat types, with APT accounting for 17.8%, malware at 14.9%, and social engineering at 13.9%. Red teaming (essentially, penetration testing with simulated attacks to test security) activities made up 22.8% of recorded incidents, meaning these are “benign” cases – and it reflects the industrial users are upping their cybersecurity measures to keep data and infrastructure safe from attacks.
The third-place IT sector showed a higher concentration of APT activity, with 41% of incidents attributed to human-driven attacks, alongside 17% linked to residual traces of previous intrusions and 11% involving social engineering; however, red teaming only accounted for 9% of incidents in this case. While the finance sector did not rank among the top three targeted industries, red teaming did account for 36.1% of its incidents, while confirmed APTs are only at 11.5%, suggesting a higher level of preventive security measures.
“Government, industrial and IT organizations consistently attract sophisticated adversaries because of the strategic value of what they hold, operate and connect to geopolitical intelligence, critical infrastructure and global supply chains respectively,” said Sergey Soldatov, Head of Security Operations at Kaspersky. “Each of these sectors needs to operate on the assumption that determined attackers will find a way in, and focus their defenses on early detection, rapid containment and minimizing the window of exposure.”
Pokdepinion: It’s not just financial incentives that attract hackers – political incentives are increasingly prominent in recent hacking activities, too.
