ANSSI: data exfiltration surges
France’s ANSSI logged 1,366 incidents in its 2025 panorama — ransomware incidents fell to 128 but data exfiltration jumped 51% to 196 cases, signaling more stealthy breaches . The report also flags converging TTPs from groups like APT28, Salt Typhoon and Cl0p — with LOTL abuse via AnyDesk/Dropbox and edge exploits (Ivanti, Fortinet) increasingly common [](https://x.com/cybernewslive/status/2032453658869166387).
Published[cyber.gouv.fr] on March 11, 2026, ANSSI’s Panorama says the agency treated 3,586 security events in 2025 and logged 2,209 signalements to its services[cyber.gouv.fr]. ANSSI flagged an erosion between state-backed and criminal actors, describing an “emergence of a technological and organisational fog” and a rising use of legitimate services and AI-capabilities by attackers[cert.ssi.gouv.fr]. The report credits large-scale law-enforcement operations—citing efforts such as Operation Endgame—with having disrupted parts of the ransomware ecosystem, and it lists Qilin (21%), Akira (9%) and LockBit 3.0/Black (5%) among the most-observed strains in 2025[infosecurity-magazine.com]. ANSSI recorded 460 events flagged as possible data leaks and confirmed 42% of those as actual data breaches[cyber.gouv.fr], and linked multiple campaigns observed in the report to Russian- and Chinese-linked actors targeting government, diplomatic and research entities[cyber.gouv.fr].
