Come 2026, the global telecom sector will face advanced persistent threat (APT) campaigns, distributed denial-of-service (DDoS) attacks and supply-chain vulnerabilities even as the industry accelerates the rollout of new technologies, according to cybersecurity firm, Kaspersky.
   
In its latest Kaspersky Security Bulletin, the company said the threats that shaped telecom cybersecurity in 2025 are unlikely to abate, warning that they are increasingly intersecting with operational risks created by artificial intelligence-driven automation, post-quantum cryptography transitions and the integration of satellite connectivity into terrestrial networks.
   
The report identified four broad threat categories that defined the telecom security landscape in 2025. Chief among them were targeted intrusions by highly skilled attackers, often referred to as APTs, which seek long-term, stealthy access to operator networks. Such campaigns are typically aimed at espionage, surveillance or gaining strategic leverage by embedding themselves deep within core infrastructure.
   
“Telecom networks remain uniquely attractive targets because of their privileged position in national communications ecosystems,” Kaspersky said, noting that successful intrusions can provide attackers with wide visibility across voice, data and signalling traffic.
   
Supply-chain compromise also remained a persistent weakness. Telecom operators depend on complex ecosystems of vendors, software platforms, contractors and managed services. Vulnerabilities in widely used third-party tools, the report said, can offer attackers indirect access to operator environments, often bypassing perimeter defences.
    
DDoS attacks, meanwhile, continued to pose a practical challenge to network availability and capacity. While such attacks are not new, Kaspersky said their scale and sophistication have grown, putting pressure on operators to treat them not only as security incidents but as capacity-management problems capable of degrading customer experience and disrupting critical services.
   
Data from the Kaspersky Security Network underscored the scale of the challenge. Between November 2024 and October 2025, 12.79 per cent of users in the telecommunications sector encountered web-based threats, while 20.76 per cent faced on-device malware. Over the same period, 9.86 per cent of telecom organisations worldwide experienced ransomware incidents, highlighting the sector’s sustained exposure to financially motivated attacks.
    
Looking ahead to 2026, Kaspersky warned that the telecom industry’s transition from rapid innovation to mass deployment of new technologies could introduce fresh vulnerabilities if not carefully managed. The report highlighted three areas of particular concern.
  
The first is AI-assisted network management. As operators increasingly rely on automation to optimise performance and manage complex networks, errors or manipulated data inputs could be amplified at scale. Poorly governed AI systems, Kaspersky said, risk making confidently wrong decisions that could disrupt services or weaken security controls.
   
The second is the industry’s gradual shift toward post-quantum cryptography. While the move is intended to future-proof networks against the threat of quantum computing, rushed or uneven deployment of hybrid cryptographic approaches could lead to interoperability problems, performance bottlenecks and gaps between IT, management and interconnect environments.
    
The third emerging risk area is the integration of 5G networks with satellite systems, also known as non-terrestrial networks (NTN). While satellite connectivity promises broader coverage and resilience, it also expands service footprints and introduces new partners, interfaces and points of failure that could be exploited if security is not built in from the outset.
  
“The threats that dominated 2025, which include APT campaigns, supply-chain attacks and DDoS floods, aren’t going away. But now they intersect with operational risks from AI automation, quantum-ready cryptography and satellite integration. Telecom operators need visibility across both dimensions,” said a senior security researcher at Kaspersky’s Global Research and Analysis Team, Leonid Bezvershenko.
   
To mitigate these risks, Kaspersky urged operators to adopt a more integrated approach to security and resilience.
  
Recommendations include continuous monitoring of the APT landscape and telecom-relevant infrastructure using threat intelligence tools, combined with regular security awareness training for staff.
   
The company also advised treating AI-driven network automation as a formal change-management programme, with staged rollouts, clear rollback mechanisms and human oversight for high-impact decisions. For DDoS threats, Kaspersky said operators should validate upstream mitigation capabilities, protect edge routing infrastructure and monitor early congestion signals that could precede customer disruption.