Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Europe Intelligence Insights, October 2025
← Research Hub

Europe Intelligence Insights, October 2025

Europe’s cyber pulse: targeted sectors, refined tactics, and a widening attack surface

Financial, legal, and manufacturing sectors came under pressure in the autumn of 2025. Ransomware leaks, phishing frameworks, and sector-focused DDoS attacks revealed dangerous activity across the region.

Find out which actors drove the shift and how their tactics evolved.

Europe’s latest threat activity Europe’s latest threat activity

Threat actors continued to focus on the financial, legal, and manufacturing sectors, exploiting existing vulnerabilities and expanding their toolkits.
More than20,248 compromised accounts appeared on dark-web markets, significantly broadening Europe’s exposure surface.

Attack diversity Attack diversity

Both financially motivated and politically aligned groups remained active across the region. The most targeted countries by DDoS and hacktivist activity were Ukraine, France, Germany, and Italy. Names of key groups and deeper trend analysis are available in the report.

Initial access & credentials for sale Initial access & credentials for sale

Initial access brokers listed multiple high-value organizations, including a 206 million-dollar-revenue company from Serbia’s marine shipping sector.
Leaked corporate credentials included thousands of SaaS and administrator accounts belonging to users in France, Spain, Italy, Poland, and Germany.

MuddyWater’s evolutionMuddyWater’s evolution

The APT group MuddyWater extended its operations from the Middle East into Europe and the United States. The group shifted from opportunistic RMM abuse to targeted spear-phishing and custom malware.

Stop threats before they take over

Group-IB experts outline regional risks and predictive trends to strengthen your defenses.

Unsure how to translate these insights into prevention? Talk to our experts.

Stay informed. Stay protected.

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Intelligence Insights Report, October 2025
New
Trend Report
Intelligence Insights Report, October 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, September 2025
New
Trend Report
Intelligence Insights Report, September 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, August 2025
Trend Report
Intelligence Insights Report, August 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more