Cyberattacks Targeting US Increased by 136%

A report from Trellix provides insights and intelligence on current cyber threats (specifically between October 1, 2024 and March 31, 2025). In particular, the report analyzes the tools, techniques, and intentions of nation-state and cybercriminal actors.
According to the findings, in Q1 2025, advanced persistent threats (APTs) focusing on the United States increased by 136% from the previous quarter. 47% of APT detections targeting the U.S. were attributed to China, while 35% were attributed to Russian groups.
Threat actors affiliated with China have been refining and evolving tactics, exploiting zero-day vulnerabilities or known vulnerabilities as opposed to more conventional methods (such as phishing). China’s APT40 and Mustang Panda were the two most active APT groups, accounting for 46% of all detected APT activity. The activity of APT41, a China-aligned group, increased by 113% in Q1 2025 compared to the previous quarter.
Data from the report also shows an increase in activity linked to Russia-aligned threat actors within the final quarter of 2024. APT29 (also referred to as Midnight Blizzard) was the third most active group, primarily targeting transportation and shipping (55%) and telecommunications (40%).
The report indicates that government institutions were the top target of malicious activity. However, APTs against the telecommunications industry rose by 92% in Q1. Furthermore, the technology industry saw a 119% increase in APT-related detections.