Black triangle background

research report

2025 State of the Underground

Stay ahead of underground threats.

The underground cybercrime economy is evolving—fast. Ransomware attacks surged by nearly 25% last year, data breaches increased by 43%, and the underground markets grew more sophisticated and resilient. Our 2025 State of the Underground report offers a deep dive into this shifting landscape, powered by cutting-edge, AI-driven analysis.

Download the report to get actionable insights to better protect your organization in an increasingly complex threat landscape.

state of the underground 2025
  • We will use your information to communicate with you about this contact form and other solutions and related resources that may be of interest to you. You may unsubscribe at any time. For more information, please see our Privacy Policy.

Bitsight IQ

New ransomware gangs and their focus on smaller organizations

A record 2.9 billion unique credential leaks, up sharply from 2023​

The leading malware trends, including the emergence of Lumma and Risepro​

How AI is reshaping cyber defense strategies​ and shifts in hacktivism reflecting global geopolitical tensions

report reveals

Key trends demand immediate attention, with deeper insights available in our full report.

  • Ransomware attacks soared by nearly 25%, with attacker leak sites up 53%, signaling new adversary tactics
  • Data breaches discussed on underground forums rose 43%, disproportionately hitting U.S. organizations and specific service sectors
  • Endpoint compromises yielded 7.7 million logs, and 2.9 billion credentials flooded illicit markets from new dominant stealers like Lumma and Risepro
  • Over 380 unique malware variants, dominated by Stealers and RATs, hit criminal forums as geopolitical hacktivism intensified
  • The U.S. faced an 80% share of the 14.5 million compromised credit cards listed and led in critical vulnerability exposures