ENISA Threat Landscape 2025 — Part 3
- Katarzyna Celińska

The latest European Union Agency for Cybersecurity (ENISA) Report provides a detailed analysis of how cybercrime and state-aligned operations have evolved.
CYBERCRIME
Ransomware continues to dominate the European cyber threat landscape.
Over 81% of all recorded cybercrime incidents involved ransomware, and 15% were linked to data breaches often stemming from those same attacks.
However, ENISA notes a major shift in tactics and ecosystem structure:
The ransomware landscape has fragmented, with smaller, independent groups replacing the few large, dominant players.
There are now 82 active ransomware variants across Europe.
Tactics, Techniques, and Procedures
➡️ Reuse of leaked ransomware builders.
➡️ Emergence of Ransomware-as-a-Service models, enabling non-technical criminals to launch full-scale attacks.
➡️ EDR-killing tools used to disable endpoint defenses before exfiltration.
➡️ New infection vectors, including fake CAPTCHA pages, cloud file-hosting abuse, and embedded malicious links in video platforms.

Cryptocurrency
The report underscores how cryptocurrency remains the preferred payment and laundering mechanism for ransomware groups. Despite increasing regulation and tracking, blockchain transactions continue to fuel what ENISA calls a “self-sustaining criminal economy.”
STATE-ALIGNED ACTIVITIES
Russia: Disruption and Destabilization
Russia-linked threat actors remain the most active state-aligned groups in Europe, responsible for large-scale campaigns targeting:
➡️ Government institutions,
➡️ Critical infrastructure, and
➡️ Media organizations through disinformation and hybrid operations.
Their key goal: disruption and paralysis.
China: Espionage and Technology Theft
China-linked intrusion sets have expanded significantly.
Their operations are less disruptive but more strategic — focused on:
➡️ Intellectual property theft,
➡️ Technology and R&D espionage,
➡️ Targeting manufacturing and digital infrastructure sectors.
As cybersecurity professionals, we must accept that the boundaries between cybercrime and statecraft are disappearing.
Author: Sebastian Burgemejster




