Insider Threats: Flashpoint observes 91,321 instances in 2025
Every organization houses sensitive assets that threat actors actively seek. Whether it is proprietary trade secrets, intellectual property, or the personally identifiable information (PII) of employees and customers, these datasets are the lifeblood of the modern enterprise—and highly lucrative commodities within the illicit underground.
In 2025, Flashpoint observed 91,321 instances of insider recruiting, advertising, and threat actor discussions involving insider-related illicit activity. This underscores a critical reality—it is far more efficient for threat actors to recruit an “insider” to circumvent multi-million dollar security stacks than it is to develop a complex exploit from the outside.
Last year, Flashpoint collected and researched:
91,321 posts of insider solicitation and service advertising
On average, 1,162 insider-related posts were published per month, with Telegram continuing to be one of the most prominent mediums for insiders and threat actors to identify and collaborate with each other. Analysts also identified instances of extortionist groups targeting employees at organizations to financially motivate them to become insiders.
Insider Threat Landscape by Industry
The telecommunications industry observed the most insider-related activity in 2025. This is due to the industry’s central role in identity verification and its status as the primary target for SIM swapping—a fraudulent technique where threat actors convince employees of a mobile carrier to link a victim’s phone number to a SIM card controlled by the attacker. This allows the threat actor to receive all the victim’s calls and texts, allowing them to bypass SMS-based two-factor authentication.
Insider Threat data from January 1, 2025 to November 24, 2025
Flashpoint analysts identified 12,783 notable posts where the level of detail or the specific target was particularly concerning.
Top Industries for Insiders Advertising Services (Supply):
Telecom
Financial
Retail
Technology
Top Industries for Threat Actors Soliciting Access (Demand):
Technology
Financial
Telecom
Retail
Flashpoint shares more details in a blog post, published today. It’s honestly worth your time to read.
This entry was posted on January 15, 2026 at 6:06 pm and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Insider Threats: Flashpoint observes 91,321 instances in 2025
Every organization houses sensitive assets that threat actors actively seek. Whether it is proprietary trade secrets, intellectual property, or the personally identifiable information (PII) of employees and customers, these datasets are the lifeblood of the modern enterprise—and highly lucrative commodities within the illicit underground.
In 2025, Flashpoint observed 91,321 instances of insider recruiting, advertising, and threat actor discussions involving insider-related illicit activity. This underscores a critical reality—it is far more efficient for threat actors to recruit an “insider” to circumvent multi-million dollar security stacks than it is to develop a complex exploit from the outside.
Last year, Flashpoint collected and researched:
On average, 1,162 insider-related posts were published per month, with Telegram continuing to be one of the most prominent mediums for insiders and threat actors to identify and collaborate with each other. Analysts also identified instances of extortionist groups targeting employees at organizations to financially motivate them to become insiders.
Insider Threat Landscape by Industry
The telecommunications industry observed the most insider-related activity in 2025. This is due to the industry’s central role in identity verification and its status as the primary target for SIM swapping—a fraudulent technique where threat actors convince employees of a mobile carrier to link a victim’s phone number to a SIM card controlled by the attacker. This allows the threat actor to receive all the victim’s calls and texts, allowing them to bypass SMS-based two-factor authentication.
Insider Threat data from January 1, 2025 to November 24, 2025
Flashpoint analysts identified 12,783 notable posts where the level of detail or the specific target was particularly concerning.
Top Industries for Insiders Advertising Services (Supply):
Top Industries for Threat Actors Soliciting Access (Demand):
Flashpoint shares more details in a blog post, published today. It’s honestly worth your time to read.
Share this:
Like this:
Related
This entry was posted on January 15, 2026 at 6:06 pm and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.