Hackers have begun actively infecting companies with malware
In the second quarter of 2025, the average Russian organization saw more than 160 malware infections, which is 20% more than in the previous quarter. At the same time, hackers used malware not only for espionage but also to make money from stolen data, mostly in healthcare, the public sector, the fuel and energy sector, and industry. These conclusions come from a report by Solar Group of Companies, an architect of integrated cybersecurity, based on an analysis of data from the largest sensor network in the Russian Federation, which Izvestia has reviewed.
In the second quarter of 2025, the total number of organizations in which malware infections were recorded decreased by 23% (to 17 thousand). At the same time, the average number of infections per company increased by 20% (to 162). On the one hand, the number of victim companies is decreasing due to the effect of the summer season: both attackers and information security personnel, who neutralize attacks more slowly, are less active. However, according to experts, the situation may change in September: the intensity of attacks will decrease, but the number of attacked organizations will increase.
Most malware infections in the 2nd quarter of 2025 were recorded in industry (36%), healthcare (18%), education (13%) and fuel and energy (11%). The rest were in the IT industry (10%), the public sector (7%), finance (5%) and telecom (2%). A similar distribution was observed at the beginning of the year.
However, in July-August the situation began to change: the share of malware infections in healthcare increased by a quarter compared to Q1 (to 27%), and in the public sector it almost doubled (to 17%), which is why it took second place among the most attacked industries. Hackers also show a steady interest in industry (19%) and the fuel and energy sector (16%).
In July-August, the average number of attacks on one public sector organization increased by almost 30%, to 89. The increased interest of hackers in the sector is due to current geopolitical events and the traditional activation of professional hacker groups in the second half of the year.
At the beginning of the 3rd quarter, experts recorded changes in the top common threats. The infrastructures of Russian companies have more often been subjected to targeted cyberattacks by APT hackers. The intruders' main purpose is still espionage, but now they also aim to make money.
"The fact is that it is more difficult to detect infection with a RAT than to detect the presence of a stealer. In addition, such malware can be used not only to steal confidential data, but also to provide paid access to a hacked organization to other intruders. Hackers can use this to blackmail the victim company and then resell the stolen data on the black market," explained Alexey Vishnyakov, technical director of Solar 4RAYS.
Konstantin Larin, head of the Bastion cyber intelligence department, told Izvestia that attacks on companies using fake payment details have become more frequent in Russia. During the year, the number of such incidents increased by an average of 20-25%.