Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Europe Intelligence Insights Report, August 2025
← Research Hub

Europe Intelligence Insights Report, August 2025

Italian defense and security data leaked. New ransomware groups make their presence known. Acts of retribution against governments in Germany, Italy, Belgium, Spain, Romania, Latvia, and Czechia, as well as the website of Europol (find out the threat actors involved) - get all insights in the report.

Europe’s Latest Threat ActivityEurope’s Latest Threat Activity

August in Europe had “new and coordinated threat activity” written all over it.
94 ransomware incidents were recorded in the region.
Retail, automotive, and education sectorswere hit the worst by ransomware. A 400% increase in activity was observed for both industries and 233% for retail.
At least five new ransomware groups emerged in July 2025, and existing groups escalated attack activities.

Attack diversityAttack diversity

Both state-aligned hacktivists and financially motivated ransomware gangs are highly active.
Tactics: Hacktivism = disruption, DDoS, retaliation.
Ransomware = extortion, leaks, targeting critical industries.

Hacktivism takes overHacktivism takes over

Germany tops the chart with 61 attacks (+455%), followed closely by Ukraine (58).
Switzerland and France also saw sharp increases (+800% and +180%).

Most Active Threat Actors & Targeted IndustriesMost Active Threat Actors & Targeted Industries

Act of retribution: Threat actors combined forces to target government websites in Germany, Italy, Belgium, Spain, Romania, Latvia, and Czechia, as well as the website of Europol, as for Operation Eastwood (an international law enforcement operation led by Europol, supported by Eurojust, targeting the pro‑Russian cybercrime group – NoName057(16).

Salesforce has an impersonatorSalesforce has an impersonator

Group-IB team analyzed a phishing campaign impersonating Salesforce that targeted companies in the United States, Canada, Taiwan, the Netherlands, the United Kingdom, and Germany.

Stop Threats Before They Take Over

Group-IB experts outline urgent risks across the region and provide immediate actions you should take to harden your defenses.

Receiving insights but unsure how to use them to upgrade your cyber defenses? Our experts are ready to assist.

Stay informed. Stay protected.

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

Intelligence Insights Report, September 2025
New
Trend Report
Intelligence Insights Report, September 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, August 2025
Trend Report
Intelligence Insights Report, August 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more
Intelligence Insights Report, July 2025
Trend Report
Intelligence Insights Report, July 2025
Explore the most notable cybersecurity events in the region and the best practices
Learn more