In today’s fast-moving digital landscape, cyber threats are evolving at an unprecedented pace. Threat actors are deploying increasingly sophisticated tactics, and the UK public sector has become a critical target.  

Quorum Cyber’s latest report, Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook Report, released in August 2025, reveals how threat actors are innovating faster than ever and targeting public sector organisations with increasingly complex and coordinated attacks.  

Why is the public sector at risk?  

Government bodies and public service providers hold vast amounts of confidential data, ranging from citizens’ records and tax information to national security assets. Yet many operate with fragmented IT environments, outdated infrastructure and limited cyber security budgets. 

The sector’s reliance on cloud-native infrastructure has also introduced new vulnerabilities. Groups like Codefinger have exploited Amazon Web Services (AWS) features to encrypt cloud data, and similar tactics are now being used against public sector platforms. These attacks aren’t just technical – they’re strategic, exploiting operational weaknesses and trust. 

The ever-evolving threat landscape 

The  2025 Mid-Year Global Cyber Risk Outlook Report  isn’t just another industry update – it’s a wake-up call for the UK public sector. The first half of 2025 saw the emergence of over 70 new threat groups and Malware-as-a-Service (MaaS) offerings, tracked by Quorum Cyber’s Threat Intelligence team. These developments reflect the rapid innovation of cybercriminals, who now operate using affiliate models, franchising, and white-label ransomware services, mirroring some of the practices used by enterprise software companies and enabling even low-skilled threat actors to launch high-impact attacks. 

This means that UK public sector organisations face a growing number of adversaries using diverse techniques to exploit legacy systems and access sensitive data. 

Quorum Cyber’s report highlights how ransomware groups are innovating not just technically, but tactically. Criminal organisations such as Qilin and DragonForce are pioneering “quadruple extortion” methods, using AI negotiation chatbots, legal harassment services, and call centres to pressure victims across the public sector. 

If your organisation is responsible for safeguarding citizen data or delivering essential services, this report is essential reading.  

Paul Caiazzo, Chief Threat Officer, explains: “Defence starts with deep, continuous visibility into the evolving threat landscape. In our role at the intersection of intelligence, incident response, and counter extortion, we are uniquely positioned to observe how threat actors operate, adapt, and increasingly collaborate to amplify their impact.” 

Ready to strengthen your cyber security? 

In the next blog, we explain how the public sector can build resilience against this new group of threats.  

Stay ahead of emerging threats and join our Threat Intelligence community. Get timely updates, clear bulletins, and detailed malware reports to help you confidently protect your organisation. 

Contact us today to speak with our experts and receive tailored support to bolster your organisation’s security posture and cyber resilience.