BRUSSELS — Crafty hacking groups backed by hostile states have increasingly
targeted European public institutions with cyber espionage campaigns in the past
year, the European Union’s cybersecurity agency said Wednesday.
Public institutions were the most targeted type of organization, accounting for
38 percent of the nearly 5,000 incidents analyzed, the ENISA agency said in its
yearly threat landscape report on European cyber threats.
The EU itself is a regular target, it added. State-aligned hacking groups
“steadily intensified their operations toward EU organizations,” ENISA said,
adding that those groups carried out cyber espionage campaigns on public bodies
while also attempting to sway the public through disinformation and
interference.
The report looked at incidents from July 1, 2024 to June 30, 2025.
Multiple European countries said in August that they had been affected by “Salt
Typhoon,” a sprawling hacking and espionage campaign believed to be run by
China’s Ministry of State Security.
In May, the Netherlands also attributed a cyber espionage campaign to Russia,
and the Czech government condemned China for carrying out a cyberattack against
its foreign ministry, exposing thousands of unclassified emails.
These incidents underlined how European governments and organizations are
increasingly plagued by cyber intrusions and disruption.
Though state-backed cyber espionage is on the rise, ENISA said the most
“impactful” threat in the EU is ransomware, a type of hack where criminals
infiltrate a system, shut it down and demand payment to allow victims to regain
control over their IT.
Another type of attack, known as distributed denial-of-service (DDoS), was the
most common type of incident, ENISA said. DDoS attacks are most commonly
deployed by cyber activists.
ENISA said different types of hacking groups are increasingly using each other’s
tactics, most notably when state-aligned groups use cyber-activist techniques to
hide their provenance.
The agency also highlighted the threat to supply chains posed by cyberattacks,
saying the interconnected nature of modern services can amplify the effect of a
cyberattack.
Passengers at Brussels, Berlin and London Heathrow airports recently experienced
severe delays due to a cyberattack on supplier Collins Aerospace, which provides
check-in and boarding systems.
“Everyone needs to take his or her responsibilities seriously,” Hans de Vries,
the agency’s chief operations officer, told POLITICO. “Any company could have a
ripple effect … We are so dependent on IT. That’s not a nice story but it’s the
truth.”
The International Criminal Court (ICC) said it was hit by a “sophisticated and
targeted” cyberattack as NATO leaders gathered in The Hague for a summit last
week.
The ICC, which is based in The Hague, said it detected the incident “late last
week” and had contained the threat. “A Court-wide impact analysis is being
carried out, and steps are already being taken to mitigate any effects of the
incident,” the court said in a statement on Monday.
The Hague was the scene of the NATO Summit early last week. Dutch cybersecurity
authorities reported a series of cyberattacks known as distributed
denial-of-service (DDoS) attacks against local governments and other
institutions in the run-up to and during the summit. Those attacks, limited in
impact, were claimed by known pro-Russian hacktivist groups online.
A power outage also caused massive disruption to train traffic in the country
last Tuesday. Dutch authorities said they were investigating the incident and
the country’s justice minister said he couldn’t rule out sabotage as a possible
cause.
The ICC in 2023 also reported a hack of its computer systems it believed was an
attempt to spy on the institution.
The global tribunal has recently come under scrutiny after it issued arrest
warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense
minister, Yoav Gallant, over Israel’s military campaign in Gaza.
The U.S. Trump administration has slapped sanctions on the court’s Chief
Prosecutor Karim Khan in response to the arrest warrants. Khan also lost access
to his email provided by Microsoft in May, in an incident that has galvanized a
political push in Europe to wean off American technology for critical
communications.