Executive Summary
In December 2025, Kaspersky released its Security Bulletin highlighting persistent and emerging cybersecurity threats in the telecommunications sector. The report identifies four primary threat categories: Advanced Persistent Threats (APTs) aiming for long-term espionage, supply chain vulnerabilities exploiting interconnected vendor ecosystems, Distributed Denial-of-Service (DDoS) attacks affecting service availability, and SIM-enabled fraud targeting mobile networks. Additionally, the integration of new technologies such as AI-driven network management, post-quantum cryptography, and 5G-to-satellite connectivity introduces new operational risks. (kaspersky.com)
The relevance of this report is underscored by the continuous evolution of cyber threats in the telecom industry. As operators adopt advanced technologies, they must address both existing and emerging risks to maintain network security and service reliability. (kaspersky.com)
Why This Matters Now
The telecommunications sector is at a critical juncture, facing persistent cyber threats while integrating new technologies that introduce additional vulnerabilities. Proactive measures are essential to safeguard infrastructure and ensure uninterrupted services.
Attack Path Analysis
The attack path below is a representative scenario assembled from the techniques and CVEs in this report, not a reconstruction of a single documented incident: an adversary exploits a vulnerability in a public-facing application to gain initial access, escalates privileges through misconfigured IAM roles, moves laterally across cloud environments, establishes command-and-control channels, exfiltrates sensitive data, and finally disrupts services by encrypting data.
Kill Chain Progression
Initial Compromise
Description
The adversary exploited a vulnerability in a public-facing application to gain unauthorized access to the cloud environment.
Related CVEs
Of the four entries below, only the two SharePoint vulnerabilities fit this stage. CVE-2025-38352 and CVE-2025-48543 are local privilege-escalation bugs that require code execution on the device first; they belong to the privilege-escalation step of the chain, not to initial access.
CVE-2025-38352
CVSS 7.4. A race condition in the Linux kernel allows a local user to escalate privileges.
Affected Products:
Linux Kernel – the fix was backported across the maintained stable branches; consult your distribution's advisory for the fixed version of each branch
Exploit Status:
exploited in the wild (added to CISA's Known Exploited Vulnerabilities catalog on 4 September 2025)
CVE-2025-48543
CVSS 8.8. A use-after-free in the Android Runtime (ART) allows local privilege escalation.
Affected Products:
Google Android – 13, 14, 15, 16 (September 2025 Android Security Bulletin)
Exploit Status:
exploited in the wild (added to CISA's Known Exploited Vulnerabilities catalog on 4 September 2025)
CVE-2025-53770
CVSS 9.8. Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows unauthenticated remote code execution ("ToolShell"); SharePoint Online in Microsoft 365 is not affected.
Affected Products:
Microsoft SharePoint Server – 2016, 2019, Subscription Edition
Exploit Status:
exploited in the wild (CISA Known Exploited Vulnerabilities catalog; see the ToolShell source below)
CVE-2025-53771
CVSS 6.5. A spoofing (path traversal) vulnerability in Microsoft SharePoint Server, the variant of CVE-2025-49706 that Microsoft fixed as the companion to CVE-2025-53770; it is not itself a remote code execution flaw.
Affected Products:
Microsoft SharePoint Server – 2016, 2019, Subscription Edition
Exploit Status:
patched together with the actively exploited CVE-2025-53770 in the July 2025 out-of-band updates
MITRE ATT&CK® Techniques
T1190 Exploit Public-Facing Application
T1078 Valid Accounts
T1199 Trusted Relationship
T1059.001 Command and Scripting Interpreter: PowerShell
T1059.003 Command and Scripting Interpreter: Windows Command Shell
T1059.005 Command and Scripting Interpreter: Visual Basic
T1059.007 Command and Scripting Interpreter: JavaScript
T1059.006 Command and Scripting Interpreter: Python
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities by installing applicable security patches/updates
Control ID: 6.3.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 2.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Government Administration
Government sector faces highest APT targeting (18.5% of incidents) requiring enhanced Zero Trust segmentation, encrypted traffic monitoring, and east-west lateral movement prevention capabilities.
Industrial Automation
Industrial organizations experience 16.6% of cyber incidents with APT threats exploiting trusted relationships, demanding robust egress security and multicloud visibility for operational technology protection.
Information Technology
The IT sector is the third most targeted industry and shows a rising number of incident response requests; it requires Kubernetes security, cloud firewall protection and comprehensive threat detection against sophisticated APT campaigns.
Financial Services
Financial sector faces medium-severity APT incidents with regulatory compliance requirements demanding PCI DSS adherence, encrypted traffic protection, and advanced anomaly response for data exfiltration prevention.
Sources
- Anatomy of a Cyber World: Global Report 2026 (Securelist / Kaspersky) – https://securelist.com/global-report-security-services-2026/119233/
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (4 September 2025) – https://www.cisa.gov/news-events/alerts/2025/09/04/cisa-adds-three-known-exploited-vulnerabilities-catalog
- "We're witnessing an urgent and active threat": Microsoft SharePoint 'ToolShell' vulnerability is being attacked globally (Windows Central) – https://www.windowscentral.com/software-apps/were-witnessing-an-urgent-and-active-threat-microsoft-sharepoint-toolshell-vulnerability-is-being-attacked-globally
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally, escalate privileges, and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While initial access may still occur, the attacker's ability to exploit the compromised application to access other resources would likely be constrained.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges would likely be constrained by enforcing strict identity-aware access controls.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement across cloud services would likely be constrained by enforcing east-west traffic controls.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish and maintain command and control channels would likely be constrained by enhanced visibility and control across multicloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained by enforcing strict egress policies.
The attacker's ability to encrypt critical data and disrupt services would likely be constrained by limiting their access and control over cloud resources.
Impact at a Glance
No affected business functions, downtime or financial loss are estimated for this advisory, because it describes a representative attack path rather than a single observed incident.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least-privilege access and limit lateral movement within the cloud environment.
- Deploy East-West Traffic Security controls to monitor and restrict internal traffic, preventing unauthorized lateral movement.
- Use Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration to unauthorized destinations.
- Establish Multicloud Visibility & Control mechanisms to detect and respond to anomalous activity across cloud platforms.
- Apply inline IPS (Suricata) to detect and block exploitation attempts against public-facing applications, keeping rules current for the actively exploited CVEs listed above.
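As an added illustration of the last two items, the script below hunts an IIS W3C log for exploitation attempts against the SharePoint bug listed under Initial Compromise (CVE-2025-53770, "ToolShell"). It is example code written for this page, not code from Kaspersky, CISA, Microsoft or any vendor product. The indicators it looks for (an unauthenticated POST to /_layouts/15/ToolPane.aspx carrying a Referer of /_layouts/SignOut.aspx, and any request for the spinstall0.aspx web shell) are the ones Microsoft published in its July 2025 ToolShell guidance and are not taken from this page; the sample log lines, hostnames and addresses are constructed.

```python
"""Hunt for ToolShell (CVE-2025-53770) indicators in IIS W3C logs.

Example code added for this advisory. The indicators follow Microsoft's public
July 2025 ToolShell guidance; the sample log below is constructed, not captured.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# Constructed sample IIS log (placeholder hosts and addresses, not a real capture).
# Field order follows the default IIS W3C logging fields.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2025-07-19 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 08:01:12 10.0.0.5 GET /sites/hr/SitePages/Home.aspx - 443 CONTOSO\\jdoe 10.0.1.20 Mozilla/5.0 https://sp.example.internal/sites/hr/ 200 0 0 120
2025-07-19 08:03:40 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.42 Mozilla/5.0 /_layouts/SignOut.aspx 200 0 0 530
2025-07-19 08:03:41 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.42 Mozilla/5.0 - 200 0 0 15
2025-07-19 08:05:02 10.0.0.5 GET /_layouts/15/ToolPane.aspx - 443 CONTOSO\\admin 10.0.1.30 Mozilla/5.0 https://sp.example.internal/_layouts/15/settings.aspx 200 0 0 88
"""


@dataclass(frozen=True)
class Finding:
    time: str
    client_ip: str
    rule: str
    request: str


def parse_iis_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields: Optional[List[str]] = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("log has no #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than guess the column alignment
        yield dict(zip(fields, values))


def classify(req: Dict[str, str]) -> Optional[str]:
    """Return the name of the matching ToolShell indicator, or None."""
    method = req.get("cs-method", "").upper()
    stem = req.get("cs-uri-stem", "").lower()
    query = req.get("cs-uri-query", "").lower()
    referer = req.get("cs(Referer)", "").lower()
    # Any hit on the web shell the attackers dropped is high confidence.
    if stem.endswith("/spinstall0.aspx"):
        return "spinstall0_webshell_request"
    if stem.endswith("/toolpane.aspx") and method == "POST":
        # The exploit's authentication bypass is the SignOut.aspx Referer.
        if "/_layouts/signout.aspx" in referer:
            return "toolshell_signout_referer_post"
        # Weaker signal: the published exploit URL used DisplayMode=Edit.
        if "displaymode=edit" in query:
            return "toolpane_post_displaymode_edit"
    return None


def triage(text: str) -> List[Finding]:
    """Run every request line through classify() and collect the hits in order."""
    findings: List[Finding] = []
    for req in parse_iis_w3c(text):
        rule = classify(req)
        if rule is None:
            continue
        query = req["cs-uri-query"]
        request = f"{req['cs-method']} {req['cs-uri-stem']}" + (f"?{query}" if query != "-" else "")
        findings.append(Finding(f"{req['date']} {req['time']}", req["c-ip"], rule, request))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_IIS_LOG):
        print(f"{f.time} {f.client_ip} {f.rule}: {f.request}")
```

On the constructed sample, the benign page view and the authenticated GET of ToolPane.aspx produce nothing, while the attacker's POST and the follow-up web-shell request are both flagged for the same source address. To use it on real data, pass the contents of the IIS log file to triage(); the Referer rule is the high-confidence signal, and the DisplayMode=Edit rule only surfaces ToolPane POSTs without that Referer for manual review.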