SANTA CLARA, Calif., June 2, 2026 – To accurately analyze the evolving landscape of global Advanced Persistent Threats (APT) and bolster defenses for digital security and critical information infrastructure, NSFOCUS has released the 2025 APT Annual Landscape Report, combining robust cybersecurity monitoring and advanced threat hunting capabilities.
This report conducts an in-depth analysis of APT activities across 2025 and decodes cutting-edge attack techniques, delivering actionable guidance for industries worldwide to defend against APT activities.
NSFOCUS Insights
Global APT activities maintained an upward trend in 2025. NSFOCUS Fuying Lab recorded 308 APT incidents throughout the year, representing a year-on-year increase of 4%. In terms of targets, APT attacks against the national defense and military sector rose sharply to 17%, up 9 percentage points from 2024. This notable shift is closely tied to the increasingly strained geopolitical landscape in recent years.
In 2025, global APT showed the characteristics of technical sophistication, tactical complexity, and frequent vulnerabilities” . Driven by new attack strategies and new productivity tools, APT groups’ attack techniques and tactics continued to upgrade, and their attack accuracy and destructive power have been significantly improved.
Core APT Trends in 2025
Based on full-year threat intelligence and real-world investigation cases, NSFOCUS Fuying Lab has summarized seven defining trends for APT attacks:
- APT groups are integrating AI tools and AIGC into the entire attack process.
- Clickfix social engineering tactics are proliferating and becomes a major gateway for APT phishing attacks.
- Multi-signature hijacking technology becomes a weapon for APT groups to commit economic crimes.
- APT groups use door-knocking mode for covert communication in attacks against China.
- Privileged Visual Studio Software is widely abused to bypass system security defenses.
- APT groups continue to exploit new zero-day vulnerabilities in URL files and launch one-click attacks.
- Chromium sandbox escape zero-day vulnerability becomes the focus of APT group exploitation.
Based on the APT tactics, techniques, and procedures (TTPs) trends and threat landscape of 2025, NSFOCUS Fuying Lab believes that APT landscape in 2026 will inevitably become further intertwined with AI and zero-day vulnerabilities. The threat landscape is poised to evolve toward more diversified attack payloads, highly sophisticated attack processes, and an expanded scope of impact.
Download the report: https://nsfocusglobal.com/resources/2025-apt-annual-landscape-report/
