INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

IT threat evolution in Q1 2026 non-mobile statistics

2026-05-18 12:00 CRITICAL HIGH
Executive Summary AI-generated
The situation in the cybersecurity landscape is critical, with a surge of ransomware attacks and miners targeting various countries and territories. The United States, Netherlands, and Germany have borne the brunt of these attacks, accounting for significant proportions of SSH-based assaults. This trend suggests that nations prioritizing digital security are taking proactive measures to safeguard their citizens' data.
Technical Mitigations AI-generated
• Use up-to-date security software and keep it updated to protect against known vulnerabilities like CVE-2026-20131.
• Implement a robust firewall configuration, such as Cisco Secure FMC management system, to block arbitrary Java code execution with root privileges on the affected device.
• Regularly update operating systems and applications to patch critical vulnerabilities before they can be exploited by attackers.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation Triangulation, INC Ransom, WannaCry, BlackCat, Qilin, CVE-2026-20131
Target & Sectors
AFRICA, NORDICS, SOUTH_ASIA, NORTH_AMERICA, LATAM, CENTRAL_ASIA, BENELUX, ASEAN, DACH, MIDDLE_EAST, media
Incident Timeline
at least November 2020
Phobos ransomware administrators used international attacks to target victims from at least November 2020.
tactic Ransomware
November 2020
Threat actors used a prior direct role in BlackCat ransomware attacks to facilitate dozens of ransomware attacks across the United States.
organisation the U.S. Department of Justice
Q1 2025
Threat actors used ransomware to target 77,319 unique users in Q1 2025.
tactic Ransomware
victims 77,319 unique users
no later than July 2025
Threat actors used INC Ransom to target 7.25% of the population emerging no later than July 2025.
threat_actor INC Ransom
general_metric 7.25 %
general_metric 6.13 %
July 2025
Threat actors used Malware web attacks to target 11.55% of users' computers worldwide during Q1, with the United States and Germany accounting for the highest proportions.
organisation Q4
organisation Ransomware
victims 35,056 unique users
organisation Verdict %
infrastructure Macos
data_breach 21.09 Mozambique
data_breach 12 Mozambique
data_breach 21.02 Mozambique
infrastructure Ios
organisation iVerify
organisation the On-Access Scan
organisation OAS
organisation ODS
organisation Mirai
organisation NyaDrop
organisation Operation Triangulation
financial 6.38 WannaCry Trojan Ransom
financial 3 WannaCry Trojan Ransom
organisation PasivRobber
organisation IoT
organisation Kaspersky IoT
organisation IP
organisation Telnet
organisation Anti-Virus
January 26, 2026
The Gentlemen, a new threat actor, targeted organizations with network appliances.
at least January 26, 2026
The Interlock group exploited the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software starting at least January 26, 2026.
vulnerability CVE-2026-20131
tactic T1588.006 - Vulnerabilities
organisation The Interlock
Q1 2026
Number of unique users attacked by miners, Q1 2026.
tactic Ransomware
target_region Pakistan
target_region Korea, Republic of
target_region China
target_region Tajikistan
target_region Libya
target_region Turkmenistan
target_region Iraq
target_region Bangladesh
target_region Rwanda
target_region Cameroon
general_metric 10 countries
general_metric 1 Pakistan
general_metric 0.79 South Korea
general_metric 2 South Korea
general_metric 0.64 China
general_metric 3 China
general_metric 0.52 Tajikistan
general_metric 4 Tajikistan
general_metric 0.40 Libya
general_metric 5 Libya
general_metric 0.38 Turkmenistan
general_metric 6 Turkmenistan
general_metric 0.36 Iraq
general_metric 7 Iraq
general_metric 0.35 Bangladesh
general_metric 8 Bangladesh
general_metric 0.33 Rwanda
general_metric 9 Rwanda
general_metric 0.30 Cameroon
general_metric 0.28 Cameroon
general_metric 50,000 few
target_region Senegal
target_region Mali
target_region Ethiopia
target_region Panama
target_region Afghanistan
target_region Kazakhstan
organisation miners Country
target_region Tanzania, United Republic of
target_region Bolivia, Plurinational State of
general_metric 3.19 Turkmenistan
general_metric 3.06 Mali
general_metric 2.63 Tanzania
general_metric 1.62 Bangladesh
general_metric 0.95 Panama
general_metric 0.88 Afghanistan
general_metric 0.75 Bolivia
victims 77,319 unique users
victims 260,588 unique Kaspersky users
January 2026
Law enforcement agencies seized the domains of the RAMP cybercrime forum, disrupting a key element of ransomware developers' operations.
attribution Ransomware
attribution FBI
attribution RAMP
Q1 2026
Kaspersky solutions detected 3485 new modifications of miners.
tactic Ransomware
infrastructure Macos
organisation Google
organisation Non-mobile
organisation Miners Number
general_metric 3485 new modifications
organisation SSH
general_metric 343,823,407 attacks
general_metric 15,831,319 malicious objects
2026/05/18
Threat actors used Kaspersky products to target 77,000 users whose data was published on DLS in Q1 2026.
victims 77,000 users
organisation DLS
organisation Kaspersky
organisation File Anti-Virus
victims 260,000 users
Tactical Metrics
infrastructure Macos (Affected Product)
data_breach 21 Mozambique
data_breach 12 Mozambique
data_breach 21 Mozambique
victims 77,000 Users
victims 77,319 Unique Users
victims 35,056 Unique Users
infrastructure Ios (Affected Product)
financial 6 Wannacry Trojan Ransom
financial 3 Wannacry Trojan Ransom
victims 260,588 Unique Kaspersky Users
victims 260,000 Users
Intelligence Sources