Europe’s Latest Threat Activity
August in Europe had “new and coordinated threat activity” written all over it.
94 ransomware incidents were recorded in the region.
Retail, automotive, and education sectorswere hit the worst by ransomware. A 400% increase in activity was observed for both industries and 233% for retail.
At least five new ransomware groups emerged in July 2025, and existing groups escalated attack activities.
Attack diversity
Both state-aligned hacktivists and financially motivated ransomware gangs are highly active.
Tactics: Hacktivism = disruption, DDoS, retaliation.
Ransomware = extortion, leaks, targeting critical industries.
Hacktivism takes over
Germany tops the chart with 61 attacks (+455%), followed closely by Ukraine (58).
Switzerland and France also saw sharp increases (+800% and +180%).
Most Active Threat Actors & Targeted Industries
Act of retribution: Threat actors combined forces to target government websites in Germany, Italy, Belgium, Spain, Romania, Latvia, and Czechia, as well as the website of Europol, as for Operation Eastwood (an international law enforcement operation led by Europol, supported by Eurojust, targeting the pro‑Russian cybercrime group – NoName057(16).
Salesforce has an impersonator
Group-IB team analyzed a phishing campaign impersonating Salesforce that targeted companies in the United States, Canada, Taiwan, the Netherlands, the United Kingdom, and Germany.
Group-IB experts outline urgent risks across the region and provide immediate actions you should take to harden your defenses.
Receiving insights but unsure how to use them to upgrade your cyber defenses? Our experts are ready to assist.
Stay informed. Stay protected.