New report from TrendAI reveals industrialized cyberattacks and how AI accelerates them — State‑backed hackers increasingly collaborate, according to a new TrendAI report showing how AI is driving more advanced cyber espionage.
Global cybersecurity leader TrendAI today publishes the report Nation Aligned APTs in 2025: AI Fueled Threats and the Shifting Global Cyber Balance, documenting how state‑sponsored cyber actors are increasingly sharing access to already compromised networks.
Rather than individual groups carrying out an entire attack chain, access is now frequently transferred between groups, dramatically shortening the time from intrusion to espionage or sabotage.
Industrialized cyber espionage through “Pass‑as‑a‑Service”
In the report TrendAI describes a model it calls Premier Pass‑as‑a‑Service, where access to compromised networks is sold or re‑shared as a service.
This model has emerged among threat clusters linked to China, where actors specialize in different parts of the attack chain and then hand off access to others. That allows subsequent operators to move quickly into phases such as data theft, intelligence collection, or disruptive operations.
“We are witnessing state‑backed cyber operations becoming increasingly industrialized,” says Martin Fribrock, Country Manager Sweden, Finland and Baltics at TrendAI. Threat groups focus on specific steps of the attack chain and then hand over access to already compromised networks. This enables other actors to proceed immediately to the next phase, such as espionage or sabotage. The result is faster, more coordinated attacks that are difficult to detect and to attribute to the correct perpetrator.
Geopolitical objectives and AI drive the trend
The report also highlights that cyberattacks are increasingly tied to geopolitical objectives. Researchers have identified intrusions targeting Ukraine’s defense supply chains, including maritime, rail, and logistics networks that support the country and its allies.
At the same time, AI use is expected to accelerate this evolution. According to the report, threat actors combine domestic AI solutions with Western platforms to:
- automate target mapping
- identify vulnerabilities more quickly
- scale attacks more efficiently
“When this type of cyber activity is combined with AI‑driven reconnaissance and vulnerability analysis, the time required to execute advanced attacks is reduced drastically,” says Martin Fribrock.
Annual-APT-Report-2025
Download
What this means for organizations: businesses now face a more complex threat landscape in which intrusions occur faster and with greater coordination. AI‑driven cyber espionage forces organizations to strengthen detection capabilities, adopt zero‑trust architectures, and proactively integrate threat intelligence into operations.
For managed service providers (MSPs) in the Nordics, the report underscores the need to adapt security services to cope with industrialized attacks. MSPs must prioritize real‑time monitoring, AI‑driven analysis, and integrated security platforms capable of handling multiple threat actors simultaneously.
Risks include faster compromises, more difficult attribution, and growing regulatory expectations. At the same time, demand for cybersecurity vendors, AI‑based defenses, and managed security services presents a significant market opportunity as organizations invest to counter evolving threats.