European Union Agency for Cybersecurity (ENISA) – Threat Landscape 2025

November 21, 2025

Last month, the European Union Agency for Cybersecurity (ENISA) published the Threat Landscape report for 2025, which provides an updated, threat-centric analysis of cyber incidents across the EU. The report examines 4,875 incidents between 1 July 2024 and 30 June 2025, offering a clear view of the evolving cyber threat ecosystem affecting European organisations.

 

Key findings

 

- DDoS attacks dominate the threat landscape, accounting for 77% of reported incidents, primarily driven by hacktivist activity. Only a very small portion resulted in actual service disruption.

- Ransomware remains the most impactful threat in terms of damage and organisational impact.

- Hacktivism represents nearly 80% of all incidents, with activity mainly targeting public-facing websites of EU organisations.

- State-aligned threat groups intensified operations, conducting cyberespionage against public institutions and targeting EU audiences with Foreign Information Manipulation and Interference (FIMI).

- Phishing (60%) and vulnerability exploitation (21.3%) are the two leading intrusion vectors.

- Nearly 80% of incidents are ideology-driven, predominantly DDoS attacks by hacktivist groups.

 

Deep-Dive into Emerging Trends

 

The report identifies several trends shaping the 2024–2025 cybersecurity environment:

- Phishing evolves with automation, including Phishing-as-a-Service (PhaaS) and AI-optimized campaigns. By early 2025, AI-supported phishing accounted for over 80% of social engineering incidents globally.

- Attacks targeting cyber dependencies, including digital supply chains, are increasing as adversaries exploit interconnected systems to maximize impact.

- Convergence of threat actors is becoming more visible, with overlaps in TTPs and toolsets among hacktivists, cybercriminals, and state-aligned groups, illustrated by emerging patterns such as faketivism.

- AI plays a dual role, both as an enabler for attackers and as a source of new vulnerabilities, including attacks on the AI supply chain.

- Mobile devices face rising threats, especially outdated or unpatched systems.

 

Most Targeted Sectors in the EU

 

The public administration sector remains the top target (38.2%), driven largely by hacktivist campaigns and state-backed espionage. It is followed by Transport (7.5%), Digital infrastructure and services (4.8%), Finance (4.5%), and Manufacturing (2.9%).

More than 53% of all incidents involved essential entities as defined under the NIS2 Directive, underscoring its continued relevance for Europe’s cybersecurity resilience.

 

Read ENISA’s press release and access the full ENISA Threat Landscape 2025 report here.