Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Europe Intelligence Insights Report, July 2025. Intelligence That Defeats The Enemy.
← Research Hub

Europe Intelligence Insights Report, July 2025. Intelligence That Defeats The Enemy.

Crypto holders in Europe - tax declarations may drain your funds. Apparel, retail, and luxury businesses - stay alert. Companies in the region - they’re after your accounts, credentials, and financial data. Also, new ransomware groups are already on a spree. Get the complete context of what we’re talking about — It’s all in the report.

Europe’s Latest Threat Activity

June saw phishing campaigns target taxpayers, escalating attacks on retail, manufacturing, and more, new ransomware groups emerging, and persistent ones claiming fresh victims.

78 ransomware incidents were recorded in the region.78 ransomware incidents were recorded in the region.

Ransomware group targeted companies and government organizations in the UK, Italy, and Switzerland.Ransomware group targeted companies and government organizations in the UK, Italy, and Switzerland.

 

Most Active Threat Actors & Targeted Industries
See which actors were busiest in June – and which sectors took the hardest hits.

 

Scam Spotlight
Attackers posed as European tax authorities, including the Dutch Belastingdienst, to target crypto holders.

 

Two attack paths observed:

Theft of seed phrasesTheft of seed phrases

Wallet draining via malicious smart contractsWallet draining via malicious smart contracts

Over 1,496,290 compromised corporate accounts in Europe.

A key event was the discovery of a phishing campaign by threat actor PendingLocust to harvest login credentials and payment data.

Services like Trello (5061 accounts), GitLab (2269 accounts), among other platforms, were tied to compromised accounts.

Stop Threats Before They Take Over

Group-IB experts outline urgent risks across the region and provide immediate actions you should take to harden your defenses.

Receiving insights but unsure how to use them to upgrade your cyber defenses? Our experts are ready to assist.

Stay informed. Stay protected.

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields: