The United States has emerged as one of the most targeted countries in the world as cybercriminals rapidly integrate AI into their attack tools, according to new research from Trellix.
The cybersecurity firm’s CyberThreat Report: October 2025 tracked 1,221 advanced persistent threat (APT) campaigns across 121 nations and 14 sectors.
Trellix finds that the US and Türkiye recorded the highest volume of detections, with the telecommunications industry among the hardest hit.
“The United States represents the second-highest APT target, accounting for 23.9% of global activity. Unlike Türkiye’s telecommunications focus, US targeting demonstrates a broader sectoral distribution with technology companies bearing significant exposure.”
Data from Trellix also shows that the United States accounted for 1,285 victims of ransomware posts, accounting for roughly 55% of geo‑identified posts.
Trellix researchers add that the latter half of 2025 has seen a sharp rise in AI-driven tools appearing on the dark web, from autonomous ransomware to AI-powered negotiation bots.
“This trend marks a significant increase compared to earlier quarters of 2024/2025. Previously, AI applications used by cybercriminals primarily encompassed phishing campaigns, integration into infostealers, and assistance in script/code generation. The current period, however, reveals a wide scope of AI threats: the emergence of AI-based ransomware, the use of AI within APT-like infostealers, and its growing incorporation across various facets of Ransomware-as-a-Service (RaaS) programs. This indicates not only the growing sophistication and ubiquity of AI but also cybercriminals’ sustained efforts to integrate modern technology into their illicit activities.”
John Fokker, VP of Threat Intelligence Strategy at Trellix, warns that the combination of automation and state-linked campaigns is reshaping how attacks are launched and scaled.
“As threat actors near the AI adoption inflection point, demonstrating a more structured use of AI-powered attack methods over the last six months, they’ll be able to chain multiple AI-driven attacks with unprecedented fluidity, significantly shortening and diversifying the time required to execute an attack.”
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.