ENISA’s 2025 Threat Landscape Report: A Deep Dive into Cybersecurity Challenges
The European Union Agency for Cybersecurity (ENISA) has released its 2025 Threat Landscape report, revealing alarming trends in cyberattacks directed at operational technology (OT) systems in Europe. This comprehensive analysis is crucial for understanding the evolving threat landscape and enhancing defenses across various sectors.
Overview of Cyber Incidents
The report aggregates data from nearly 4,900 cybersecurity incidents documented between July 2024 and June 2025. This collection includes both publicly reported incidents and attacks conveyed to ENISA from EU member states and participants in its information-sharing initiatives. Such extensive research provides valuable insights into the types of threats organizations face.
Key Findings on Threat Targets
While ENISA’s report spans a wide array of cyber threats, it highlights that 18.2% of these incidents were specifically aimed at operational technology. This figure positions OT behind mobile threats, which comprised 42% of attacks, and web threats at 27%. The increasing percentage of attacks on OT systems underscores the vulnerabilities present within industrial and critical infrastructure.
ENISA pointed out that the rising number of OT threats reflects a concerning trend as industrial systems become more interconnected and thus more susceptible to compromise.
Motivations Behind OT Attacks
Many attacks targeting industrial control systems (ICS) are attributed to hacktivist groups. However, these groups are often state-sponsored, complicating the landscape of cyber threats. One notable example is the pro-Russian hacker group NoName057(16), recognized for its distributed denial-of-service (DDoS) attacks against European nations. ENISA indicates that NoName057(16) is a member of the more extensive Z-Pentest Alliance, which has been operational since October 2023 and is known for its specific focus on ICS and OT systems.
Z-Pentest Alliance: A State-Sponsored Threat
According to a report from Orange Cyberdefense, Z-Pentest Alliance has a distinct aim of undermining industrial and control systems in Western countries. By exploiting technological weaknesses, this group seeks to bolster Russia’s geopolitical stance. ENISA has observed that members of Z-Pentest have increasingly targeted OT systems in Italy, particularly since late 2024, illustrating a worrying trend.
Emerging Groups and Their Activities
Another pro-Russia group highlighted by ENISA is Rippersec, which has gained momentum in its operations against EU member states. This organization’s attacks seemingly focus on public administration and the media/entertainment sectors, with a specific interest in compromising operational technology systems.
Infrastructure Destruction Squad (IDS)
The report also draws attention to the Infrastructure Destruction Squad (IDS), which emerged in June 2025. IDS is associated with developing malicious software tailored to ICS, notably a malware dubbed VoltRuptor. This malware features advanced persistence and anti-forensic capabilities, reportedly available for purchase on the dark web.
ENISA documented an IDS strike on an Italian smart building automation firm, expanding the narrative of cyber threats to include industrial facilities in Ukraine, Romania, and the United States. "As this threat is too recent to assess fully, the leveraging of the IDS identity by a Russia-aligned intrusion set is a plausible scenario," the report maintains.
Implications for Cybersecurity
The findings outlined in ENISA’s 2025 Threat Landscape report present significant implications for cybersecurity across Europe. With the increasing sophistication of cyber threats—especially targeting operational technology—organizations must prioritize robust defenses and remain vigilant against evolving tactics employed by threat actors.
This report serves as an essential resource for cybersecurity professionals and lays the groundwork for future enhancements in security protocols. The full 2025 Threat Landscape report is accessible as a PDF on ENISA’s website, providing in-depth analysis and data for those looking to better understand the current landscape of cyber threats.
Related Resources
For further guidance, recent publications such as NIST’s guide on protecting ICS against USB-borne threats and new recommendations for OT operators to maintain continuously updated system inventories may be beneficial.
