Threat Intel - Attack Handoff Times Plummet Significantly
Basically, hackers are getting faster at passing control of attacks to each other.
Attack handoff times have dropped to just 22 seconds, indicating a surge in exploit-based attacks. High-tech and financial sectors are most affected. Enhanced cybersecurity measures are essential to combat these threats.
The Threat
Recent reports indicate a significant shift in the cybersecurity landscape. The median time between initial network access and handoffs to secondary threat operations has plummeted from over 8 hours in 2022 to just 22 seconds last year. This drastic reduction highlights a troubling trend: attackers are becoming more coordinated and efficient. The rise in automation among initial access partners and secondary groups is a key factor in this change.
Exploits remain the leading attack vector, with vulnerabilities like the SAP NetWeaver flaw (CVE-2025-31324), the Oracle EBS flaw (CVE-2025-61882), and the SharePoint bug (CVE-2025-53770) being the most exploited. These vulnerabilities are often followed by phishing attacks, previous breaches, and compromised credentials, showcasing a multifaceted approach to cyberattacks.
Who's Behind It
The report, compiled by Google Cloud Mandiant, reveals that cybercriminals are adopting increasingly clandestine methods. Notably, North Korean IT workers and cyberespionage operations are among the most active groups leveraging these tactics. The data indicates that undetected incidents can now linger for up to six months, a concerning trend that underscores the evolving nature of cyber threats.
The high-tech industry has emerged as the most targeted sector, followed closely by financial services, business services, and healthcare. This targeting pattern suggests that attackers are focusing their efforts on industries that manage sensitive information, which can yield high rewards.
Tactics & Techniques
The findings also reveal that median dwell times—the duration that attackers remain undetected—have increased from 11 days in 2024 to 14 days in 2025. This increase suggests that attackers are becoming more adept at hiding their activities within networks. The prevalence of undetected incidents has raised alarms, indicating a need for improved detection and response strategies.
Moreover, the report points to the growing automation in attack processes. As attackers streamline their operations, the speed at which they can hand off control of compromised systems to other actors increases, making it more challenging for organizations to respond effectively.
Defensive Measures
To combat these evolving threats, organizations must prioritize their cybersecurity strategies. Here are some recommended actions:
- Enhance monitoring capabilities to detect anomalies in network traffic.
- Implement robust patch management to address known vulnerabilities swiftly.
- Invest in threat intelligence to stay informed about emerging exploits and tactics used by attackers.
By adopting these measures, organizations can better defend against the rising tide of coordinated cyberattacks and mitigate the risks associated with quick attack handoffs.
SC Media