Cyberattacks on Russian industry quadruple in 2025 — WMX report
Cyberattacks on the online infrastructure of Russia’s industrial and manufacturing enterprises have surged more than fourfold in the first nine months of 2025, according to data from cybersecurity firm WMX. The findings, based on monitoring via the company’s ProWAF web application firewall, were cited in a report obtained by Gazeta.ru.
The study analysed data from over 180 major organisations across industrial, public, and financial sectors, revealing a sharp rise in malicious activity. In the third quarter of 2025, each industrial enterprise faced an average of 650,000 web application attacks, compared to 140,000 at the beginning of the year. Meanwhile, overall traffic to protected resources remained stable — indicating that the share of hacker activity within the total traffic volume has significantly increased.
Automated scanners were identified as the most common threat, accounting for 20% of all web attacks. These tools are typically used to gather information about software versions, server configurations, and open APIs to quickly detect vulnerabilities.
The second most prevalent threat, accounting for 18% of incidents, was remote code execution (RCE). Such attacks aim to inject and execute malicious code on a server, allowing hackers to gain full control over systems, steal data, or spread further within a company’s internal network.
Experts attribute the escalation in cyber threats to the ongoing digital transformation of industrial production, the blurring of boundaries between IT and operational technology (OT), and the expansion of web-based services — such as online sales and contractor portals — by many enterprises.
At the same time, the growing availability of attack tools and “as-a-service” platforms, including AI-assisted hacking utilities, has made it easier for even low-skilled groups to launch cyberattacks, contributing to the surge in industrial cyber incidents.
By Vugar Khalilov







