Security Navigator 2025 Reveals Europe As Top Target for Hacktivism, With Groups Shifting Focus to Cognitive Warfare

Orange Cyberdefence, the specialist business unit of Orange dedicated to cybersecurity and leader in cybersecurity services, has launched its sixth annual international and multi-industry investigative research, the Security Navigator 2025. It uses extensive data analysis to provide a detailed view of the cybersecurity landscape, shaped by geopolitical conflict and the increasing sophistication of threat actors. As threats to critical infrastructure and public trust continue to evolve, the report emphasises the need for organisations to strengthen their defences against a rising tide of politically motivated cyber-attacks.

The Security Navigator 2025 reveals that one prominent pro-Russian hacktivist group targeted Europe – primarily Ukraine, Czech Republic, Spain, Poland, and Italy – with 96% of their attacks, marking the region as their primary focus. The report also shows that Europe is the second most impacted region by Cy-X, with victim numbers increasing by 18% YoY. The most affected European countries are Italy (19%), Germany (19%), France (16%), Spain (13%) and Belgium (8%). In the Nordics, Cy-X activity has grown at a rapid pace, with a 38% increase in victim counts.

The report notes that this audacious pro-Russian hacktivist group, which is one of the most active, has conducted over 6,600 attacks since early 2022, mostly targeting symbolically important European entities. Hacktivist groups are increasingly recognising the power of cognitive attacks, skilfully using technical disruptions not only to create direct impact but to manipulate public opinion, undermine trust in institutions, and destabilise societal confidence. By attacking election-related systems and other symbolic institutions, these groups aim to draw attention to the political and economic issues they consider important, creating fear, uncertainty and doubt. This strategic shift shows how modern hacktivists target perception as much as infrastructure, posing a unique challenge for organisations tasked with protecting both physical assets and public trust.

Despite hacktivism focusing on Europe, North America is not unscathed in this year’s report. North America, dominated by the US, was the most impacted region globally by cyber extortion, with a 25% YoY increase in cases. The US also experienced the highest concentration of targeted OT attacks, accounting for 49% of all incidents. This trend reinforces the region’s position as a top target for financially motivated threat actors but leads to questions about why hacktivists are avoiding it. The Security Navigator 2025 surmises that this may be because they fear repercussions from the nation.

Hacktivists Extend Reach to Operational Technology Systems

Another emerging concern is hacktivist activity targeting OT systems, critical for operating essential infrastructure in the manufacturing, energy, healthcare and transportation sectors. The Security Navigator 2025 attributes nearly 1 in 4 (23%) of sophisticated attacks targeting OT to hacktivists. As such attacks have typically been associated with state actors, the growth of hacktivism reveals a new level of sophistication and risk to critical infrastructure.

46% of OT cyber-attacks resulted in ‘manipulation of control,’ which means that the adversary managed to manipulate the physical process. The utilities sector has been heavily affected, with the report finding that it suffered 46% of attacks that directly targeted OT systems. This highlights the continued vulnerability of OT systems to politically motivated cyber-operations.

Hugues Foulon, CEO of Orange Cyberdefence, stated, “Cyber threats have become a critical barometer for anticipating global geopolitical tensions. The insights generated by our cyber teams provide a fresh and robust perspective on international disruptions and their operational impacts on society.”

“The Security Navigator 2025 underscores an urgent need for coordinated defensive strategies across Europe and beyond, including enhanced incident response measures, strengthened OT protections, and proactive monitoring of public channels to counter the unique blend of cyber extortion, hacktivism, and cognitive warfare facing European organisations,” said Foulon.

Cyber Extortion’s Rising Toll on Small and Medium Businesses

The report highlights a worrying increase in cyber extortion impacting SMBs, with a 53% YoY rise in incidents targeting small businesses. The compounding effect of ‘revictimisation’ – where stolen data is reused in multiple extortion campaigns – further amplifies these organisations’ financial and psychological toll. SMBs now account for over two-thirds of all observed cyber extortion victims.

Critically, SMB cybersecurity may also impact large organisations as the first are often part of their supply chain. An incident at a small player can lead to a cascade of disruptions throughout the chain.

The Security Navigator 2025 also suggests that the traditional approaches to ‘vulnerability management’ are no longer fit for purpose, due to the large number of vulnerabilities security teams must handle, which takes them away from more meaningful work that would prevent a successful attack. This is especially true for smaller SMB teams.

The impact of cyber extortion across the Asia-Pacific region, however, shows significant variation. While Japan ranks as the 13th most affected country globally, China reports a lower number of victims. South Korea and Singapore have experienced a moderate level of incidents.

Philip Lee, Head of Orange Cyberdefence, APAC, shared, “We are living in an era where digital technologies power economies, connect societies, and drive innovation at an unprecedented pace. Particularly with the rise of adversarial AI techniques, combined with increasing connectivity through IoT and 5G, are factors contributing to the expansion of attack surface of systems and infrastructures.”

“The varied Cyber Extortion and hacktivism landscape across APAC now demands flexible and localised security strategies to build a safer digital society amidst the region’s vast economic and technological diversity,” he said.

Increased Aggression Against Healthcare and Beyond

As cyber extortion continues to increase globally, the report notes that it’s also becoming increasingly ‘cynical.’ This year, there has been a 50% YoY increase in attacks targeting the Health Care and Social Assistance sector, ranking it as the fourth most impacted industry. Subsectors such as Ambulatory Health Care and Hospitals are now being frequently targeted, which points to a further erosion of the ‘moral’ restraints that previously protected these sectors.

Other sectors have also experienced a marked rise in Cy-X attacks this year. The top three most impacted industries have all seen significant increases: +25% for Manufacturing, +20% for Professional, Scientific, and Technical Services, and +65% for Wholesale Trade.

AI: A Double-Edged Sword in Cybersecurity

The Security Navigator 2025 highlights AI as a powerful yet complex tool, with both defensive and offensive cybersecurity applications reshaping threat dynamics. Threat actors, including state-sponsored actors from countries such as China, Russia and Iran, are leveraging GenAI to create realistic phishing content, fake images and deepfakes to deceive large audiences, which is supporting their deployment of ‘cognitive attacks.’

On the defensive side, the report found that AI is beneficial for detecting hard-to-identify threats. AI-driven systems have improved detection rates for advanced threats like ‘beaconing’ – a tactic where malware sends subtle, periodic signals to command-and-control servers – reducing incident response times by up to 30% as organisations use AI to identify and intercept these signals before damage can escalate. However, the report also warns about vulnerabilities in GenAI solutions and urges businesses to implement strict access rights to sensitive data and systems, ensure isolation between tenants, and educate users about the risk of data leaks in prompts.

Charl van der Walt, Head of Security Research at Orange Cyberdefence, said, “The story in this year’s report is far bigger than statistics and technical details. It shines a light on a growing cynicism in the threat landscape as different threat actors seem less concerned about the potential of causing harm, and may even be more intent on inflicting it than ever before.”

The full Security Navigator 2025 report can be downloaded here: https://www.orangecyberdefense.com/global/security-navigator