ENISA Threat Landscape 2025 — Part 4:

The 2025 edition of European Union Agency for Cybersecurity (ENISA) Report dives deep into how disinformation and hacktivism have evolved into coordinated, state-linked instruments of influence and disruption across Europe.

INFORMATION MANIPULATION

➡️ 86 documented FIMI operations targeted EU institutions and Member States.

➡️ 60.5% of these were attributed to known information manipulation sets — coordinated influence groups combining fake accounts, media portals, and automated bots.

➡️ Russian groups focused heavily on EU elections, political summits, and crisis events, exploiting breaking news and social unrest to maximize visibility.

Photo: https://pl.freepik.com/

Manipulation Tactics:

1️⃣ Fakenews ecosystems — building entire networks of imitation media outlets with credible-looking names.

2️⃣ Synthetic personas — fake journalists or analysts used to seed divisive content.

3️⃣ AI-generated content — deepfake videos, forged statements, and synthetic “quotes” attributed to EU leaders.

4️⃣ Cross-platform amplification — coordinated posting across Telegram, X, and fringe forums to simulate organic engagement.

ENISA notes that roughly 25% of FIMI narratives explicitly sought to degrade the image of the EU, spreading stories that questioned European unity and crisis response capability.

HACKTIVISM

➡️ Hacktivism, though often technically unsophisticated, remains one of the most active and visible threats across the EU.

➡️ ENISA recorded hacktivist claims in 79% of total incidents during the reporting period — a dramatic rise fueled by geopolitical polarization.

➡️ 91.5% of hacktivist attacks were DDoS campaigns targeting websites of government institutions, parliaments, and ministries.

➡️ Intrusions accounted for 5.1%, and data breaches for only 3.4%, showing that while visibility is high, the actual damage is limited.

➡️ Pro-Russia hacktivist alliances dominate, but ENISA also notes rising pro-Palestine and anti-Western coalitions, many sharing infrastructure or coordination channels.

➡️ The lines between hacktivism, hasztag#cybercrime, and state operations are increasingly blurred.

From the Polish perspective, these findings are extremely relevant. Russia continues to weaponize information to destabilize public opinion, manipulate narratives, and create chaos — particularly in countries like Poland that stand on the geopolitical front line. Hacktivism is growing, often supported by state actors or cybercrime alliances, creating a hybrid form of ideological and technical warfare. DDoS attacks are the most common, but the most damaging attacks are those targeting government systems and critical infrastructure, including OT.

Link

Author: Sebastian Burgemejster