Mid-Year Threat Intelligence Report 2025

Unlock this whitepaper

Cyber threats in 2025: What you don’t know might already be happening

We’re halfway through 2025, and the digital battlefield is more active than ever. From ransomware surges to politically charged cyber campaigns, this year has already reshaped the threat landscape in ways few predicted. NetNordic’s Mid-Year Threat Intelligence Report is here—and it’s not just another update. It’s a wake-up call.

Ransomware: a relentless climb

Ransomware continues its upward spiral. In just six months, 3,941 victims were listed on dark web extortion sites—nearly matching the total for all of 2024. Europe saw a 32% increase, with Germany now leading the victim count. The Nordics aren’t far behind, and Sweden remains a top target.

But here’s the twist: the old ransomware giants are fading. Groups like LockBit and BlackBasta have been disrupted by law enforcement. In their place, new players like Akira, SafePay, and Qilin are stepping into the spotlight. And one group that emerged this year? It’s already making waves—but you’ll have to read the report to find out how.

DDoS attacks: strategic, ruthless, and public

The Russian-aligned hacktivist group NoName057 has refined its tactics, using the DDoSia tool to coordinate mass attacks. With an average of 185 targets per week, NoName is proving that public sector entities are still dangerously vulnerable. Their success rate? Surprisingly high—especially when targeting government infrastructure.

The group’s shift in focus—from broad campaigns to geopolitically motivated strikes—is a trend worth watching. And the data behind their most successful weeks? Let’s just say it’s not what you’d expect.

Geopolitics meets cyber warfare

The war in Ukraine rages on, and tensions between Israel and Iran have escalated into digital conflict. Enter Handala, a politically motivated threat actor supporting Palestine. In just 16 days, Handala launched 21 attacks on Israeli targets, ranging from military-linked companies to critical infrastructure.

What makes Handala unique isn’t just its volume—it’s its hybrid nature. It blends ransomware tactics with hacktivist messaging, making it hard to categorize and even harder to predict. Who’s behind it? That’s still a mystery.

Innovation and enforcement

2025 isn’t just about attacks—it’s also about breakthroughs. Law enforcement has made significant strides, taking down underground forums and intercepting threat actor infrastructure. Meanwhile, attackers are evolving their phishing techniques, with methods like ClickFix causing headaches across industries.

What’s next? That’s the million-dollar question.