Cybercrime landscape fragments as new groups emerge

Previously, a single dominant group tended to define the cybercrime landscape. Now, several actors sustain large-scale operations, with the number of distinct actors nearly tripling from 33 to 89 since 2020.

The latest Security Navigator report from Orange Cyber Defense shows that in Europe, victims of Qilin and Akira have risen by 324 percent and 168 percent respectively.

This is in part due to the commoditization of cybercrime as a service, which has drastically lowered the entry costs for attackers, allowing them to multiply and thrive. In addition to lowered entry costs, we are seeing the industrialization of cyber crime with specialized expertise that democratize criminal activity through shared infrastructure, affiliate programs and tool reuse.

The report also finds that cyber extortion (Cy-X) attacks have surged, with a 44.5 percent increase in victims observed between October 2024 and September 2025, as compared to the previous period. This continues a multi-year trend, with the total number of victims more than tripling since 2020 reaching 19,000 victims. Cy-X actors’ operational efficiency has also grown by 18 percent, with the victims-per-actor ratio rising from approximately 45 in 2020 to 53 in 2025.

Two-thirds of Cy-X victims were small-medium-sized-businesses (SMBs), a nine percent increase from the previous year. In the US, small business victims surged by a dramatic 91 percent, showing attackers’ preference for perceived ‘weaker links’ within societies’ economies.

Charl van der Walt, head of security research at Orange Cyberdefense, says, “As attackers diversify across geographies and business sizes, what's clear is that the traditional perception of the 'supply chain' as linear is obsolete. In reality, we exist within a dense web of interdependence where a single weakness can enable mass compromise. Small businesses and critical services have become prime conduits to amplify economic and social consequences. While traditional defences and incremental enforcement are necessary, they are not enough to offset agile adversaries that exploit society's interconnectedness."

Hacktivism has evolved too. becoming a complex ecosystem aligned with state interests and geopolitical conflicts, moving beyond simple protests to real-world disruption and cognitive influence. Major incidents in 2025 include impacts on businesses, large-scale DDoS campaigns, cyber-physical attacks, and targeted disinformation efforts.

The full report is available from the Orange Cyber Defense site.

Image credit: Jakub Jirsak/Dreamstime.com