🤖 AI Summary
A new global review of Advanced Persistent Threats (APTs) finds attacks rose 18.9% from 2022 to 2025 (424 → 504 incidents), driven by rapid digital expansion, a ~52% jump in tracked CVEs (2018–2022), and heightened geopolitical conflict. Activity is heavily regionalized: Asia‑Pacific accounts for 54% of incidents (≈84% of those linked to China), Europe 16.4% (≈81% Russia), and the Middle East 15.9% (≈72% Iran); North America registers just 2.6%. State and well-resourced non‑state groups (e.g., Lazarus Group) are using APTs strategically for long‑term access, espionage and disruption, and the report documents real-world monetization (over $5B in crypto theft attributed to Lazarus between 2021 and 2025).
Technically, the landscape is changing because AI—especially LLMs like ChatGPT and Gemini—has lowered barriers to entry and boosted capabilities: automated reconnaissance, faster vulnerability discovery, credible multilingual phishing, post‑compromise automation and evasion. The review cites examples (SweetSpectre exploiting LLMs; platform owners disrupting covert campaigns in 2024) and warns AI also complicates attribution, undermining deterrence. Forecasts expect steady near‑term activity with growing AI integration, medium‑term rises in automated exploitation and evasion, and long‑term normalization of APTs alongside parallel growth in AI‑based defenses and nascent international regulatory responses. The takeaway: defenders must shift from reactive patching to proactive, AI‑augmented detection, threat hunting and multinational cooperation.