Cooperation is allowing threat groups to repeat successful intrusion models across sectors at speed, turning isolated compromises into sustained, multi-industry pressure, according to the latest Global Threat Intelligence Report from CyberProof.
Initial footholds are reused, tooling circulated across systems, and campaigns spread through informal collaboration rather than centralized command.
The most visible illustration of adversary collaboration has been the growing overlap between Scattered Spider, ShinyHunters, and LAPSUS$. This loose but highly active collective drew from a pool of young English-speaking SIM-swappers, social engineers, and credential-harvesting specialists.
Across campaigns targeting the Salesforce supply chain, Jaguar Land Rover, airline and retail organizations, the collective demonstrated a repeatable playbook: reconnaissance of high-privilege employees, creation of credible corporate personas, and aggressive social engineering operations to reset MFA, hijack help-desk workflows, or execute SIM-swapping attacks.
Among other findings enterprise platforms — ERP systems, collaboration servers, identity services, and SaaS ecosystems — have become preferred targets because compromise translated immediately into privileged access, operational disruption, and leverage over regulated data.
SaaS supply chain abuse has allowed attackers to pivot across hundreds of organizations without exploiting core platforms directly. Ransomware campaigns increasingly targeted operational continuity rather than encryption alone, disrupting production lines, logistics, and customer-facing services, with AI-enabled automation accelerating phishing, payload generation, and attack execution at scale.
Ransomware activity against the global retail sector increased by 58 percent in Q2 2025 compared to Q1. 80 percent of retailers faced a cyberattack in 2025, with UK-based retailers experiencing the highest concentration of attacks.
Attacks on the manufacturing sector saw the steepest increase in activity, with attacks surging by 61 percent compared with the previous year. Manufacturing accounted for 26 percent of all attacks in 2025.
The report’s authors conclude:
What distinguished 2025 was not the emergence of entirely new threats, but the efficiency with which existing ones were executed and replicated. Collaboration among threat actors, the industrialization of extortion, and the systematic targeting of enterprise platforms transformed cyber incidents into business-level crises with regulatory, financial, and geopolitical implications. At the same time, ongoing geopolitical conflicts demonstrated how cyber operations are now routinely integrated with physical and political pressure, reinforcing their role as a permanent feature of modern conflict.
As organizations move forward, the lessons of 2025 are clear. Security strategies built primarily around perimeter defense and reactive patching are no longer sufficient. Trust relationships, identity systems, and third-party dependencies now represent the most challenging terrains. Understanding how attackers chain these elements together — and how quickly they operationalize successful techniques — will be critical to navigating the threat landscape in the year ahead.
You can get the full report from the CyberProof site.
Image credit: Gorodenkoff/depositphotos.com
![why-browser-security-is-increasingly-essential-for-the-enterprise-[q&a]](https://thetechbriefs.com/wp-content/uploads/2025/08/53305-why-browser-security-is-increasingly-essential-for-the-enterprise-qa.jpg)