BRUSSELS, 1st October, 2025 (WAM) -- The European Union Agency for Cybersecurity (ENISA) warned that cyber-threat groups are reusing tools and techniques, introducing new attack models, exploiting vulnerabilities and collaborating to target the security and resilience of the EU's digital infrastructure.

In its annual report "Threat Landscape", ENISA analysed 4,875 incidents over a period spanning from 1st July 2024 to 30th June 2025. At its core, this report provided an overview of the most prominent cybersecurity threats and trends the EU faces in the current cyber threat ecosystem.

ENISA Executive Director Juhan Lepassaar stated, "Systems and services that we rely on in our daily lives are intertwined, so a disruption on one end can have a ripple effect across the supply chain. This is connected to a surge in abuse of cyber dependencies by threat actors that can amplify the impact of cyberattacks."

He added that the ENISA Threat Landscape provides valuable insights to enable informed decision-making and prioritisation to safeguard critical infrastructure and ensure that the digital future is secure.

The report showed that DDoS attacks was the dominant incident type and accounted for 77 percent of reported incidents, the greater part of which were deployed by hacktivists, while cybercriminals represent only a minor portion.

Ransomware is identified as the most impactful threat in the EU.

Hacktivism took the lead, representing almost 80 percent of the total number of incidents, primarily through low-impact DDoS campaigns targeting EU Member States organisations' websites, with only 2 percent of hacktivism incidents resulting in service disruption.

State-aligned threat groups steadily intensified their operations towards EU organisations. State-nexus actors carried out cyberespionage against the public administration sector, while EU audiences were faced with Foreign Information Manipulation and Interference (FIMI).

Phishing (60 percent), followed by vulnerability exploitation (21.3 percent) are the two leading intrusion access points.

Based on the updated ENISA Cybersecurity Threat Landscape Methodology and a new format, the findings include updated key trends.

Phishing remains the leading method of intrusion, responsible for about 60% of cases, with new models such as Phishing-as-a-Service making attacks easier and more automated. At the same time, cybercriminals are increasingly exploiting digital dependencies, particularly in supply chains, to amplify the impact of their actions across Europe's interconnected systems.

Another notable trend is the convergence of threat actors, as state-aligned groups, hacktivists and cybercriminals increasingly share tactics, tools and objectives. This is illustrated by "faketivism," where state-aligned actors employ hacktivist characteristics, as well as with similarities in tools utilised by both hacktivists' groups and cybercriminals.

The growing role of AI has become an undeniable key trend of the rapidly evolving threat landscape. The report highlighted AI use both as an optimisation tool for malicious activities but also as a new point of exposure. Large Language Models (LLMs) are being used to enhance phishing and automate social engineering activities.

By early 2025, AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide.

Attacks on the AI supply chain are on the rise. While the focus of threat activities involving AI was the use of consumer-grade AI tools to enhance their existing operations, the emergent malicious AI systems is raising concerns about their capabilities in the future due to the widespread use of AI models.

Last but not least, a higher volume of attacks toward mobile devices has been noted, with a focus on compromising outdated devices.

The report also highlighted the top targeted sectors in the EU. The first is public administration (38.2 percent), being the focus of hacktivism and state-nexus intrusion sets conducting cyberespionage campaigns on diplomatic and governmental entities.

At second place is the transport sector (7.5 percent), followed by digital infrastructure and services (4.8 percent), finance (4.5 percent) and manufacturing (2.9 percent).

The close match between the sectors with the highest ranking and the sectors under scope for the NIS2 Directive underscores the importance of the Directive. 53.7 percent of the total number of incidents concern essential entities, as defined by the NIS 2 Directive.

Three of the top-five targeted sectors have consistently stayed in the top ranks for two consecutive years, whereas public administration has seen a notable rise in incidents this year, driven by the increased hacktivists' DDoS attacks.