Global Government Sector Cyber Threat Intelligence Report

By 2025, public institutions faced a rapidly evolving cyber threat landscape marked by high-volume DDoS attacks, widespread identity theft, advanced state-sponsored operations, and increasingly coordinated ransomware campaigns. DDoS attacks mostly driven by hacktivist groups accounted for 68.6% of incidents, heavily impacting conflict regions. Yet the most critical risk came from identity-based intrusions fueled by infostealers and Initial Access Brokers, with notable activity in India, Indonesia, and Turkey. State-sponsored APT groups, exemplified by SideWinder’s multi-stage espionage operations across South Asia, demonstrated how traditional phishing combined with modern evasion techniques remains difficult to detect. Meanwhile, ransomware groups like Qilin exploited leaked credentials and unpatched services, affecting more than 700 victims globally, including at least 31 public-sector entities. Overall, public institutions in 2025 faced a multidimensional threat environment requiring stronger resilience and identity-centric defense strategies.