ENISA Reports Significant Rise in Nation-State Hacking Over Last Year

The European Union Agency for Cybersecurity (ENISA) has revealed a worrying trend: nearly all EU member states have faced cyberattacks linked to nation-state actors over the past year, mainly attributed to Russian and Chinese hackers. This steady escalation in cyberactivity underscores a growing threat landscape, with significant implications for governments and businesses alike.
According to ENISA’s latest annual threat report, from July 2024 to July 2025, 46 cyber incidents were confirmed as being backed by nation-state actors, representing 7.2% of all documented cyber events in the EU. Remarkably, Luxembourg is noted as the only member state lacking disclosed attacks, a status the agency attributes to potential underreporting.
The report highlighted that Russian-affiliated groups accounted for approximately half of the nation-state hacking incidents. These intrusions primarily targeted public administration, diplomatic services, defense sectors, and digital infrastructure. Notable among these groups are APT29 and APT28, associated with Russia’s Foreign Intelligence Service and the General Staff Main Intelligence Directorate, respectively.
Incidents attributed to APT29 include sophisticated attacks on the European Space Agency and NATO allies, in which the group used compromised Microsoft infrastructure to gain access to Remote Desktop Protocol (RDP) credentials. In several instances, APT29 imitated legitimate domains such as Amazon and Microsoft to target EU governmental entities. This activity maps to Initial Access and Credential Dumping in the MITRE ATT&CK framework.
In addition to Russian threats, the report raises alarms about increased Chinese cyber operations. In particular, the Dutch Military Intelligence and Security Service has noted a marked uptick in espionage activities directed at key sectors, including semiconductors. Chinese hacking campaigns accounted for 43% of the nation-state attacks recorded by ENISA during this period, focusing on strategic data collection and intellectual property theft.
Among the groups identified as attacking European interests are Mustang Panda and APT41, which targeted the maritime and shipping sectors, while others, like Liminal Panda and Salt Typhoon, focused on telecommunications. These groups are known for their use of edge devices and operational relays, which complicate attribution and conceal long-term espionage activities. Such strategies align with multiple tactics from the MITRE ATT&CK Matrix, including Persistence and Network Discovery, and they make detecting and mitigating this activity increasingly challenging.
The findings from ENISA serve as a stark reminder of the persistent and evolving threats posed by nation-state actors. As avenues for cyberattacks diversify, organizations must remain vigilant and proactive in their cybersecurity strategies to safeguard critical infrastructure and sensitive data.