European Union Agency on Cybersecurity has released its inaugural successful report on Threat Landscape 2025, which reviews 4,875 successful incidents of cybersecurity incidents between July 2024 and June 2025. The report reveals distressing trends such as a surge in supply-chain attacks, zero-day, and advanced convergence attacks against EU digital infrastructure by threat actors.
DDoS attacks dominate the incident landscape with a hacktivist surge
Under scrutiny, the European Union Agency for Network and Information Security (ENISA) found DDoS attacks reported 77 percent less, with hacktivists dominating, while a few cybercriminals use the attack. Hacktivism also accounted for almost 80 per cent of all cases, even with low-impact DDoS attacks on the websites of organisations based in the European Union’s Member States, and 2 per cent of this was so intense that there was actual service disruption in the affected systems.
State-backed threat actors were increasingly demonstrating a more aggressive posture towards organisations in the European Union, leading advanced cyberespionage efforts. Phishing (60%) and vulnerability exploitation (21.3%) are the two most common entry points of malicious actors. More than 80 percent were ideologically inspired and involved only suspicious hacktivists in the form of coordinated distributed denial of service actions targeting state and critical infrastructure systems.
Phishing is the largest category of attack, and accounts for an attack in roughly 60 percent of both incident types. Phishing-as-a-Service (PhaaS) is another advancement where pre-built phishing kits are shared, which suggests automation to construct attacks regardless of technical skills or sophistication level.
Dark Web Supply Chain Dependencies Turn Into Leading Threat Multipliers
It has been noted that during the period of reporting, more aggressive targeting of cyber dependencies has been recorded. The cybercriminals put in extra effort to exploit weaknesses in the digital supply chain at critical dependencies to ensure the threat of maximum attack. Using an action mindset, the digital ecosystem has a multiplying effect through the correlatedness of dispersed actions, leading to spillover effects in multiple organizations and sectors.
Threat communities show a lot of overlap – in terms of TTPs (tactics, techniques, and procedures), target types, and strategic goals. They include the trend of fattivism – where state actors include the behavioural features of hacktivism without its motives. CI has become an undisputed trend of relevancy with malicious optimization applications, and as a new way organizations get exposed.
Social engineering is reaching the pinnacle of sophistication, owing to AI
Large Language Models can assist in scaling phishing campaigns and automate social engineering campaigns very efficiently. By early 2025, AI-enabled phishing activity is expected to account for most social engineering activity in the world. The growing number of attacks on AI supply chains is a cause for concern for the widespread use of AI models in business applications.
Public administration is determined to be a priority area
For targeted companies, the largest percentage of firms with scores of 38.2% belong to the public administration sector, the target of the hacktivism-state-nexus intrusion sets, followed by transport (7.5%), digital infrastructure (4.8%), finance (4.5%), and manufacturing (2.9%). The proximity of both the most senior thematic areas to the NIS 2 Directive shows the strategic character of the Directive: 53.7% of abuses concern the critical entities based on the NIS 2 Directive, with a substantial increase voted by the public administration due to the high DDoS attacks by hacktivists during the year (up +800%).
Evidence of changing cyber threats to critical systems is seen with the increase in supply chain targeting, coordinated devices, social engineering through AI, and coordinated hacktivist activity. As companies become more globally interconnected, collaborations, and academically agile, there’s also a growing need for more secure defense strategies, taking into account globalized vulnerabilities and the need for resilience against advanced threat actors that are more used to digital convenience.