CrowdStrike’s 2025 report reveals a sharp rise in ransomware, AI-driven phishing, and nation-state cyber operations targeting Europe.
Key Takeaways:
Ransomware is surging across Europe, driven by a booming cybercrime economy in which services such as Malware-as-a-Service and credential marketplaces are readily available to attackers. According to CrowdStrike’s 2025 European Threat Landscape Report, European organizations have been the target of nearly 22% of global ransomware and extortion attacks this year.
Nation-state cyber espionage is intensifying, with China-linked threat actors ramping up their operations by 150%, especially targeting key European sectors like finance, media, and manufacturing. Meanwhile, Iranian groups are experimenting with generative AI to discover vulnerabilities and develop more sophisticated exploits.
Additionally, social engineering attacks are becoming more sophisticated, with voice phishing (vishing) incidents skyrocketing by 442% in just six months. Cybercrime groups like CURLY SPIDER, CHATTY SPIDER, and PLUMP SPIDER are now leveraging generative AI to craft highly convincing phishing and impersonation campaigns.
According to CrowdStrike, cyber attackers are increasingly bypassing traditional malware, and 79% of initial breaches now rely on stolen credentials and legitimate access methods to infiltrate systems. Similarly, access broker advertisements selling stolen credentials surged 50% year-over-year.
“The cyber battlefield in Europe is more crowded and complex than ever,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “We’re seeing a dangerous convergence of criminal innovation and geopolitical ambition, with ransomware crews using enterprise-grade tools and state-backed actors exploiting global crises to disrupt, persist, and conduct espionage.”
CrowdStrike’s study also found that North Korea-linked threat group FAMOUS CHOLLIMA is increasingly exploiting insider access, with 40% of its 304 recorded incidents involving adversaries posing as legitimate employees. The average eCrime breakout time also dropped to 48 minutes, with the fastest recorded at 51 seconds.
Lastly, cloud security threats are on the rise, with a 26% year-over-year increase in cloud intrusions. These attacks are largely driven by hackers exploiting valid account credentials, which accounted for 35% of initial access methods in early 2024. Moreover, over half of all observed vulnerabilities were linked to initial access points.
CrowdStrike’s 2025 European Threat Landscape Report offers several key recommendations for organizations to strengthen their cybersecurity posture in response to the evolving threat environment.
Organizations should adopt a proactive approach that combines real-time threat intelligence, AI-driven detection, and expert-led threat hunting to identify and neutralize threats before they escalate.
Attackers are exploiting legitimate credentials to target enterprise environments. Administrators should strengthen identity protection through multi-factor authentication, privileged access controls, and continuous monitoring.
Businesses must ensure comprehensive visibility across cloud workloads, address configuration weaknesses, and monitor for unauthorized access or lateral movement.
The study found that over half of exploited vulnerabilities are tied to initial access. Organizations are advised to prioritize timely patching and proactive vulnerability assessments to reduce exposure.
Organizations should keep an eye on access broker markets to anticipate potential threats and take preventive action before breaches occur.
Businesses should deploy cloud-native platforms that offer automated protection, rapid deployment, and centralized visibility across endpoints, identities, and cloud assets.