• Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape.
• Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected.
• Some of our work naturally makes it into the spotlight through public reports and deep blog posts.
• However, a large portion of what we uncover remains in the shadows but is used on a day-to-day basis to improve protections, connect the dots between incidents, and keep a watchful eye on known threat actors and infrastructure.
• In 2025, the activity varied by region and objective.
• In the Americas, attackers invested in high-value targets, including early ToolShell exploitation assessed as Chinese-nexus activity against North American government organizations.
Article Summaries:
- Check Point Research’s 2025 threat‑landscape report highlights a year of intensified, region‑specific attacks. In the Americas, attackers targeted high‑value entities, using Chinese‑linked ToolShell exploits against government SharePoint servers and credential‑stealing AiTM campaigns against U.S. think‑tank researchers. Europe saw a mix of espionage, influence operations, and financial intrusions, with Russian‑affiliated actors pressuring Eastern Europe and Ukraine, while Chinese and Iranian groups continued activity. In Asia‑Pacific and Central Asia, Chinese‑linked espionage persisted, and the Middle East and Africa experienced state‑aligned, destructive, and PSOA‑linked campaigns. The report stresses that novelty often stems from combining familiar techniques (cloud‑based C2, DLL side‑loading, social engineering) rather than new tools, underscoring the need for robust visibility across identity, cloud, and endpoints and faster patching.
Sources:
- https://research.checkpoint.com/2026/2025-the-untold-stories-of-check-point-research/ (Latest source article published: 2026-02-23 15:27 UTC)