A new report from ENISA (European Union Agency for Cybersecurity) warns that public administrations across the EU are facing a surge in cyberattacks, with hacktivists increasingly relying on distributed denial-of-service (DDoS) campaigns. Central governments were the most targeted, accounting for 69% of incidents. The majority of incidents targeted the websites of parliaments, ministries, and national authorities/agencies, largely skewed by DDoS attacks.
As these institutions handle vast amounts of sensitive data and provide essential public services amid growing digitization, even a single incident can cause major disruption and erode public trust. The 42-page report identifies DDoS attacks, data breaches, ransomware, and social engineering as the most prevalent threats. ENISA’s latest sectoral analysis offers a comprehensive view of these risks, aiming to inform better risk assessments, strengthen mitigation strategies, and guide policymaking across the public sector.
...
ENISA expects several trends to shape the cyber threat landscape for the EU’s public administration sector in 2025. DDoS campaigns are likely to continue, particularly around major events such as elections and international summits, though they may not cause significant operational disruptions. State-linked activity is also expected to persist, with Russia- and China-aligned intrusion groups maintaining cyber espionage campaigns aimed at collecting strategic data from EU institutions.
The use of artificial intelligence in social engineering is projected to grow, with generative language models, voice-cloning, and face-swap tools increasingly leveraged for phishing, vishing, and misinformation campaigns. These operations may move beyond simple extortion to focus on manipulating public opinion and eroding trust. Opportunistic ransomware attacks are also anticipated to continue, causing occasional but notable service disruptions across the public sector.
...
The report also identified state-nexus intrusion sets publicly documented as associated with Russia and China that were active in cyberespionage campaigns against the public administration in the EU, notably targeting governmental entities.
...
Addition:
China-linked hacker group UNC6384 (also known as Mustang Panda) attacks European diplomatic agencies in Hungary, Belgium, Italy, the Netherlands, and Serbia between September and October 2025.