Military/Defense Threat Intelligence Report – 2025

From January to September 2025, both the military and defense industry sectors were the focus of intense and targeted cyberattacks. Of the 167 attacks recorded during this period, 53.9% were DDoS attacks, 37.7% were data breaches, 5.4% were unauthorized access, and 3% were ransomware attacks. This distribution shows that threat actors simultaneously aimed to paralyze operational systems, send messages to the public, and obtain sensitive intelligence data.

Israel, the US, Turkey, Iran, and Thailand were among the most targeted countries. Israel was subjected to intense cyberattacks parallel to its war environment, while the US was targeted both through its military infrastructure and defense contractors. Turkey formed a strategic threat surface due to its NATO membership and regional defense capabilities, while Iran was the focus of direct attacks as part of regional military competition.

Military institutions faced attempts to leak critical data and gain unauthorized access to internal systems by targeting their direct operational capabilities. Defense industry companies, on the other hand, were more exposed to espionage, technology leaks, and attacks carried out through the supply chain. This situation poses serious threats in terms of both operational security and technological superiority.

As a result, this period demonstrates that threat actors are not only aiming to cause service disruptions, but also to gather strategic information over the long term and gain access to military technologies.