Year in Review: The biggest cyberattacks of 2025

2025 saw a rise in cyberattacks, with India alone recording more than 265 million of them, according to Quick Heal Technologies’ India Cyber Threat Report, 2026.

Here’s a look at the major cyber incidents in India and around the world:

Operation Sindoor: In May 2025, India launched Operation Sindoor, a major military strike against terror infrastructure in Pakistan and Pakistan-occupied Kashmir. This came in retaliation against the brutal Pahalgam attack in Jammu and Kashmir. The operation immediately triggered a wave of cyberattacks targeting the Indian government and critical infrastructure systems.

• President’s website attacked: Right after the strikes, this site faced a DDoS (Distributed Denial of Service) attack lasting almost 19 hours, aimed at overwhelming and shutting it down.
• National power grid probed: Around the same time, authorities reported roughly 2,00,000 cyberattacks on the national power grid. The attacks targeted both IT and operational technology (OT) systems, likely testing for vulnerabilities during military operations.
• Government networks targeted: Monitors noted spikes in hostile traffic against ministries, National Informatics Centre-managed data centres, and defence research organisations.
• Hacktivist activity: Groups aligned with Pakistan conducted waves of DDoS attacks and defaced public services websites, tax portals, education sites, and other government platforms.

Operation Sindoor highlighted how cyberattacks are now not just financial siphoning / extortion tools, but have also risen to the level of war weaponry.

DDoS attack on Power Grid: On May 2, the Power Grid Corporation of India faced a DDoS attack lasting over 31 minutes. The company is responsible for the operation and management of India’s national power grid.

While the attack stayed on the web front-end, online services such as bill payments, fault reporting, and customer queries were disrupted.

Double attack on BSNL: On April 25–26, BSNL’s main website experienced two consecutive DDoS attacks, each lasting over 30 minutes. The attacks left the website inaccessible for several days, affecting bill payments, service requests, and customer support.

Global cyberattack incidents in 2025

Several high-profile global incidents highlighted the scale and sophistication of attacks this year.

16 billion records stolen: June saw the largest credential leak in history — over 16 billion login credentials across 30 datasets were stolen. Accounts belonging to Apple, Facebook, Google, GitHub, Telegram, and government portals were affected. Infostealer malware campaigns collected credentials, creating “credential-stuffing goldmine” databases that cybercriminals can utilise to impersonate actual users. Experts warned of a potential surge in phishing, identity theft, and account takeovers worldwide.

The Jaguar Land Rover attack: On September 2, the “Scattered Lapsus$ Hunters” group hit JLR, halting production at factories in the UK and abroad for almost six weeks. The attack caused an estimated £2 billion loss, reduced Britain’s car output by over 25% in September, and forced JLR to seek a £1.5 billion UK government loan guarantee.

Volkswagen data breach: Reported in January 2025, around 8,00,000 electric-vehicle users across Volkswagen, Audi, Škoda, and Seat had their personal data exposed. This included names, contact details, vehicle locations, driving patterns, and visits to sensitive locations such as homes, workplaces, and law enforcement sites. The breach carries the risk of GDPR non-compliance, potential fines, and long-term reputational damage.

Airport systems attack: Collins Aerospace, the US-based provider of check-in and boarding systems, was hit in September by a cyberattack that affected major European airports, including London’s Heathrow, Brussels, and Berlin. Staff had to switch to manual processes, resulting in long queues, flight delays, and hundreds of cancellations. Brussels Airport alone asked airlines to cancel nearly 140 departures on one Monday.

The Asahi Group cyberattack: Japan’s largest brewer faced a late September cyberattack, that caused a “systems failure,” halting order processing and shipments, including of their flagship Asahi Super Dry beer. While production lines were not directly damaged, the disruption highlighted the risk of attacks on business operations.

ChatGPT-related Mixpanel breach: In November, Mixpanel, which OpenAI used to track user interactions, was hacked. Attackers stole profile data including names, email addresses, organisation IDs, location details, browser and OS information, and referral websites. ChatGPT conversations, passwords, API keys, and payment details were not accessed. OpenAI cut ties with Mixpanel and notified affected users.

Pornhub breach: On December 16, hackers from the ShinyHunters group claimed that it stole 94 GB of analytics data of Pornhub Premium users via Mixpanel. Over 200 million records including email addresses, rough location data, search terms, video history, and timestamps were compromised and used for extortion.

AI’s role in cyberattacks

Another phenomenon that was observed in 2025 was the deployment of AI for cyberattacks. Easy-to-use AI agents have made it easy for even inexperienced bad actors to communicate with them in natural language and automate attacks with little-to-no human intervention.

In one instance, North Korea’s Kimsuky group used AI chatbots to generate realistic fake IDs, briefing notes, and emails for spear-phishing South Korean officials and think-tanks. These allowed malware delivery disguised as legitimate communications.

In November, Anthropic revealed that its Claude AI had been misused in cyberattacks. In one China-linked campaign, Claude automated 80–90% of hacking steps against around 30 targets, including tech companies, banks, chemical firms, and government bodies. Another case involved a single hacker using Claude to attack 17 organisations — including a defence contractor, bank, and healthcare providers — by finding vulnerabilities, writing attack code, sorting stolen data, and drafting ransom emails. These incidents prompted Anthropic to strengthen safety measures.

2024 vs 2025: How cyberattacks evolved

In 2024, India’s focus was on high-profile breaches and fraud. Major events included the BSNL and Angel One attacks, and the WazirX crypto heist worth $235 million. The year saw 370 million malware attacks and over one million ransomware detections (India Cyber Threat Report 2025).

By 2025, the threat landscape shifted to targeted attacks on critical infrastructure and data-rich sectors. India recorded over 265 million cyberattacks, according to India Cyber Threat Report 2026. Nearly 25% of enterprises reported losses exceeding $1 million from cyber breaches over the past three years, particularly large companies earning $5 billion or more annually (PwC report).

Check Point’s Q1 2025 Global Cyber Attack Report found that the average weekly cyberattacks per organisation had risen to 1,925, a 47% increase from early 2024.

Globally, IBM’s Cost of Data Breach Report 2025 noted that while the average cost of a data breach declined 9% to $4.44 million, 16% of breaches involved AI — from deepfake phishing to automated intrusions. Faster containment by AI-powered tools helped, but attackers are increasingly using AI themselves.

As IBM and CloudSEK noted, the impact of cyberattacks goes far beyond direct financial losses. Damage to a company’s reputation, legal troubles, and stress on employees all add to the larger, long-term cost, and can even affect the very livelihoods of ordinary people.