The European Union’s cybersecurity company ENISA has printed its 2025 Menace Panorama report, which reveals {that a} important proportion of the assaults aimed on the EU over the previous 12 months focused operational know-how (OT) programs.
The report relies on the evaluation of almost 4,900 cybersecurity incidents recorded between July 2024 and June 2025. This consists of publicly reported incidents, in addition to assaults reported to ENISA by EU nations and members of an ENISA info sharing program.
ENISA’s report covers a variety of assaults and threats and it doesn’t concentrate on OT. Nevertheless, it reveals that 18.2% of threats noticed in the course of the research interval have been geared toward these kinds of programs, after cellular threats, which accounted for 42% of assaults, and net threats, which accounted for 27%.
“Operational know-how threats characterize 18.2%, reflecting the rising publicity of commercial and important programs as they proceed being more and more related and focused,” ENISA famous.
Most of the publicly disclosed cyberattacks concentrating on industrial management programs (ICS) and different OT programs are performed by hacktivists, or hackers who declare to be pushed by an ideological or political agenda however are in truth a state-sponsored risk group.
One instance is the pro-Russian hacker group NoName057(16), which is especially recognized for its DDoS assaults.
NoName057(16) has been blamed for a lot of assaults geared toward Europe and ENISA identified that the group is an element of a bigger alliance of hacker teams named Z-Pentest Alliance.
In line with a report from Orange Cyberdefense, Z-Pentest Alliance has been round since October 2023 and it’s recognized for assaults geared toward ICS/OT programs. Commercial. Scroll to proceed studying.
“Z-Pentest’s assaults purpose to weaken industrial and management programs (ICS/SCADA) in Western nations, thereby strengthening Russia’s geopolitical affect by exploiting the technological vulnerabilities of its enemies,” Orange Cyberdefense mentioned.
ENISA has now reported that Z-Pentest Alliance members have more and more focused OT programs in Italy because the fourth quarter of 2024.
The cybersecurity company has additionally highlighted one other pro-Russia group, named Rippersec, which has slowly elevated its actions in opposition to EU member states.
“This group appeared to particularly goal the general public administration and media/leisure sectors, adopted by transport, with a claimed intent to focus on operational know-how (OT),” ENISA mentioned.
The company additionally pointed to the actions of Infrastructure Destruction Squad (IDS), a pro-Russia group that emerged in June 2025. IDS reportedly developed an ICS-specific malware named VoltRuptor. The malware, which is claimed to incorporate superior persistence and anti-forensics capabilities, is allegedly supplied on the market on the darkish net.
ENISA’s report mentions an IDS assault on an Italian sensible constructing automation firm. Others beforehand reported listening to about assaults on industrial services in Ukraine, Romania, and the US.
“As this risk is just too current to evaluate, the leveraging of the IDS persona by a Russia-nexus intrusion set is a practical working speculation,” ENISA mentioned in its report.
The complete ENISA Menace Panorama 2025 report is accessible in PDF format on the cybersecurity company’s web site.
Associated: NIST Publishes Information for Defending ICS In opposition to USB-Borne Threats
Associated: New Steering Calls on OT Operators to Create Frequently Up to date System Stock
