4 min Security

European countries face storm of pro-Russian hacktivism

European countries face storm of pro-Russian hacktivism

Ukraine remains the main target of pro-Russian hacktivists, but the reach of their attacks extends much further. European countries have not been spared, new statistics show.

Hacktivism has been a common phenomenon for achieving political or social goals in recent years. Especially with the war between Russia and Ukraine, it makes sense that such hacking campaigns and techniques are being used more frequently. From the hackers’ perspective, it is a way to attack government agencies and multinational companies and thus affect society.

Russia can theoretically use digital activities – such as hacking – to strike a significant blow in the conflict with Ukraine, which now extends far beyond national borders. It is a geopolitical conflict in which European countries have become involved in various ways, such as trade restrictions and financial or military support to Ukraine. For pro-Russian hacktivists, that support can be a motivation to carry out attacks on countries that support Ukraine.

Orange Cyberdefense’s Security Navigator 2025 offers companies insights into the latest trends so they can adjust their strategy. Orange Cyberdefense bases these insights on data from its Security Operations Centre, supplemented by other sources. Based on this, the report maps the threat landscape as accurately as possible and outlines an outlook for the year ahead. This allows organizations to better prepare for the modern threat landscape.

Europe full on the radar

The latest data from Orange Cyberdefense shows that hacktivism is especially prominent in Europe. Of the attacks the company studied, 96 per cent targeted victims in Europe. Ukraine suffered 11 per cent of these attacks, while other countries were also heavily affected, including the Czech Republic (9 per cent), Spain (9 per cent), Poland (8 per cent) and Italy (7 per cent). More than half of the attacks thus targeted other non-named EU countries. The Netherlands and Belgium are also emphatically on the radar of hackers.

The investigated pro-Russian group, whose 6,600 hacktivist incidents were studied by an Orange Cyberdefense researcher, primarily conducts disruptive campaigns aimed at destabilizing critical services. Two tactics stand out in this regard: DDoS attacks and website defacement. DDoS attacks take networks or services offline by flooding them with massive traffic. ‘Website defacement’ is used to gain unauthorized access to a website or server and modify its content – an effective way to spread social and political messages.

Of the 6,600 hacktivists, some are running from May 2022, shortly after the outbreak of war. These showed that hacktivists mainly target state-sponsored agendas and attack critical infrastructures. These include election systems, which allow them to disrupt essential services and undermine public trust in governments and democratic systems. The DDoSia project stands out in terms of these incidents. This platform is used to recruit and coordinate attacks. In the first half of 2023, more than 1,100 DDoS attacks were already in 32 countries. Although Orange Cyberdefense cannot establish a direct link between the group under investigation and the Russian government, the indications indicate a strong connection.

Threat to physical security

A troubling observation is that hacktivists significantly threaten cyber-physical environments, such as factories and energy facilities. These OT (Operational Technology) environments are an attractive target for hackers because of often lagging security measures. A hacked system can not only disrupt processes but also cause physical damage. Once inside, a hacker can sabotage production processes or attack equipment, even causing it to explode. In theory, this could cripple a plant’s entire production capacity.

The data shows that 23 per cent of all attacks on OT environments in the past year came from hacktivists. Sectors in which IT and OT systems are highly integrated appear especially vulnerable. Manufacturing and transportation companies are favoured targets because hackers can easily divert to OT systems via an IT incident. In Europe, Germany is a persistent target of such attacks. 11 per cent of all OT incidents occurred here, partly because the German economy heavily depends on the industrial sector. Hackers here deploy tactics to manipulate physical processes, leading to the shutdown of business operations.

In addition, Orange Cyberdefense notes that cyber-extortion (extortion via cyber-attacks) is widespread in Europe. This highlights how deeply IT is intertwined with all sectors on the continent. An expanded IT infrastructure offers hackers more access points to sensitive data and systems, increasing the likelihood of successful attacks.

Are you curious about more insights from Security Navigator 2025? Then check out the full report.

Tip: Orange Cyberdefense turns security into a business enabler