Cyberwarfare has entered a new phase marked by the intensive use of artificial intelligence, which is allowing attackers to act with greater speed, coordination and adaptability when mounting increasingly complex cyberattacks.

That is the warning from TrendAI, Trend Micro’s enterprise business unit, in its latest report on advanced threats. The report analyzes campaigns observed in 2025 and the first quarter of 2026, and concludes that organizations must move from a model focused on prevention to one based on visibility, containment and rapid recovery from cyberattacks.

The report points to a paradigm shift in which artificial intelligence is no longer limited to supporting certain phases of the attack, but has been directly integrated into offensive operations, facilitating the automation of cyberattacks and accelerating key processes such as intrusion, lateral movement and persistence in compromised systems. This evolution is reducing the time cybersecurity teams have to respond and raising the level of risk from cyberattacks for companies and public administrations.

Cyberattacks on critical infrastructure are strategic

The study ranks the sectors most affected by cyberattacks in 2025: public entities top the list with 1,480 incidents, followed by the technology sector with 674 cases. The energy sector, meanwhile, recorded the highest growth in cyberattacks, with 113% more activity.

“This increase in cyberattacks on the energy sector confirms that critical infrastructures have become a priority strategic objective for advanced actors. We are no longer just talking about specific interruptions, but about campaigns designed to infiltrate, remain hidden and collect key information for long periods of time,” explains José de la Cruz, technical director of TrendAI.

The activity of APT groups against critical infrastructure such as energy has increased significantly, reflecting the key role this infrastructure plays in national security and economic stability. These campaigns do not only seek immediate disruption; they prioritize the collection of intelligence on power grids. To do this, attackers focus their efforts on earlier phases such as reconnaissance, credential theft and positioning within systems, with the aim of facilitating future cyberattacks and maintaining long-term access.

In this context, the company has observed both sabotage and covert espionage operations linked to advanced cyberattacks. Groups like Earth Vetala have pursued stealthier strategies, infiltrating critical organizations using social engineering and legitimate tools to ensure persistent access and launch new cyberattacks when necessary.

“In this new scenario, organizations must assume that the risk is continuous and that the key is to improve detection capacity, contain the impact of cyberattacks quickly and guarantee operational continuity in the face of increasingly automated and sophisticated threats,” concludes de la Cruz.