Attackers are more aggressively exploiting cyber dependencies, particularly in the digital supply chain
State-aligned hacking groups have sharply escalated their cyber operations against the EU over the past year, says European Union Agency for Cybersecurity (ENISA) Threat Landscape Report
Hacking groups aligned with hostile states have sharply escalated their cyber operations against the EU over the past year, targeting public institutions and critical infrastructure in an increasingly sophisticated wave of espionage and disruption.
That is according to 2025 Threat Landscape Report [pdf] released by the European Union Agency for Cybersecurity (ENISA) this week.
ENISA analysed 4,875 cyber incidents between 1 July 2024 and 30 June 2025.
Public institutions were the most targeted category, accounting for 38% of all analysed cyber incidents. The transport sector followed with 7.5%, then digital infrastructure and services (4.8%), finance (4.5%), and manufacturing (2.9%).
ENISA notes that state-sponsored cyber espionage campaigns surged during this period, aimed at both data theft and manipulating public sentiment. These campaigns frequently incorporated disinformation efforts, signalling a hybrid threat model that combines technical infiltration with psychological influence.
In a sign of the geopolitical dimension of these threats, several member states have directly attributed recent cyberattacks to Russia and China.
In May, the Netherlands accused Russia of orchestrating a cyber espionage campaign targeting government institutions.
In August, multiple EU nations reported falling victim to the “Salt Typhoon” campaign, a sprawling cyber operation attributed to China’s Ministry of State Security.
The Czech Republic also condemned a cyberattack on its foreign ministry, allegedly carried out by Chinese actors, which exposed thousands of unclassified emails.
Ransomware still the most impactful threat
Despite the uptick in espionage, ENISA identifies ransomware as the most impactful cyber threat within the EU. These attacks, which involve the encryption of systems and demands for payment to restore access, have continued to cause significant disruption across sectors.
Meanwhile, distributed denial-of-service (DDoS) attacks emerged as the most frequent type of attack overall. These involve overwhelming systems with traffic to force them offline, often targeting politically symbolic institutions or services.
Phishing remains the most common method of initial intrusion, accounting for nearly 60% of incidents. This includes vishing, malspam, and malvertising, often delivered through increasingly sophisticated methods like Phishing-as-a-Service (PhaaS) kits that lower the barrier for cybercriminals with limited technical skills.
In parallel, attackers are more aggressively exploiting cyber dependencies, particularly in the digital supply chain, to amplify the scale and impact of their operations. This strategy leverages the interconnected nature of digital infrastructure, allowing a breach in one system to cascade across others.
The ripple effects of such cyber dependencies were dramatically illustrated when a cyberattack on Collins Aerospace, a key provider of airport check-in and boarding systems, caused major delays at Brussels, Berlin, and London Heathrow airports last month.
James Neilson, SVP International at OPSWAT, warns that operational technology (OT) assets, such as those used in transport and energy, are increasingly being targeted by nation-state actors.
“The sectors identified by ENISA as the most targeted are those that contain a significant number of OT systems within their environments,” he said.
Neilson added that IT compromises now account for 58% of incidents involving OT infrastructure, pointing to a critical gap in understanding among many security teams.
“An OT security strategy should follow secure-by-design principles, reinforced by tools such as content disarm and reconstruction (CDR), vulnerability assessments, data loss prevention, and multiscanning to keep files, data, and devices safe in secure OT environments,” he noted.