BRUSSELS — Crafty hacking groups backed by hostile states have increasingly targeted European public institutions with cyber espionage campaigns in the past year, the European Union’s cybersecurity agency said Wednesday.

Public institutions were the most targeted type of organization, accounting for 38 percent of the nearly 5,000 incidents analyzed, the ENISA agency said in its yearly threat landscape report on European cyber threats.

The EU itself is a regular target, it added. State-aligned hacking groups “steadily intensified their operations toward EU organizations,” ENISA said, adding that those groups carried out cyber espionage campaigns on public bodies while also attempting to sway the public through disinformation and interference. 

The report looked at incidents from July 1, 2024 to June 30, 2025.

Multiple European countries said in August that they had been affected by “Salt Typhoon,” a sprawling hacking and espionage campaign believed to be run by China’s Ministry of State Security.

In May, the Netherlands also attributed a cyber espionage campaign to Russia, and the Czech government condemned China for carrying out a cyberattack against its foreign ministry exposing thousands of unclassified emails.

These incidents underlined how European governments and organizations are increasingly plagued by cyber intrusions and disruption.

Though state-backed cyber espionage is on the rise, ENISA said the most “impactful” threat in the EU is ransomware, a type of hack where criminals infiltrate a system, shut it down and demand payment to allow victims to regain control over their IT.

Another type of attack, known as distributed denial-of-service (DDoS), was the most common type of incident, ENISA said. DDoS attacks are most commonly deployed by cyber activists.

ENISA said different types of hacking groups are increasingly using each others’ tactics, most notably when state-aligned groups use cyber-activist techniques to hide their provenance.

The agency also highlighted the threat to supply chains posed by cyberattacks, saying the interconnected nature of modern services can amplify the effect of a cyberattack.  

Passengers at Brussels, Berlin and London Heathrow airports recently experienced severe delays due to a cyberattack on supplier Collins Aerospace, which provides check-in and boarding systems.

“Everyone needs to take his or her responsibilities seriously,” Hans de Vries, the agency’s chief operations officer, told POLITICO. “Any company could have a ripple effect … We are so dependent on IT. That’s not a nice story but it’s the truth.”