Report: EMEA under siege from persistent hacktivist groups
March 26, 2026
The second half of 2025 saw Europe, the Middle East and Africa (EMEA) under siege from persistent hacktivist groups. Threat actors such as Keymous+ and NoName057(16) maintained activity across the area, despite coordinated law enforcement operations designed to take down these groups.
According to NetScout’s latest DDoS Threat Intelligence Report, over 8 million attacks were recorded globally, with 3,331,570 targeting EMEA, nearly twice as many as the next most heavily targeted region.
Looking at the region in greater detail, the report revealed:
- The top five targeted countries in EMEA were: Germany, Poland, Russia, Saudi Arabia and South Africa
- Keymous+ conducted 249 DDoS attacks between February and September 2025. India, Sudan, Saudi Arabia, France and Morocco were among the nations most affected
- Wireless telecommunications carriers retained its position as the most frequently targeted industry by threat actors, as the attack count rose to 1.3 million, around an 8 per cent increase from the previous six months
- Only 50 per cent of EMEA attacks in this time period contained a single vector, signifying the escalation in attack complexity as multi-vector tools become more frequently employed by adversaries
Richard Hummel, director of threat intelligence at NetScout, explained how hacktivist groups and the democratisation of cyberattacks are driving attack activity in EMEA: “During the second half of 2025, pro-Russian hacktivist groups such as NoName057(16) and Keymous+ conducted sustained and coordinated DDoS campaigns, disrupting online services across organisations in the EMEA region. These attacks coincided with holiday traffic in western and NATO-aligned countries, and primarily targeted the government, financial services and telecommunications sectors, reinforcing these groups’ stance against nations they deem to be acting in opposition to Russia. The DDoS attack on France’s national post office in December was a prime example of how European allies of Ukraine have become systematically targeted by hacktivists.“
“Further to this, AI integration into DDoS-for-hire services has been a major catalyst in democratising DDoS attacks in the region. The entry barriers for unskilled and novice actors continue to be demolished as conversational AI and illicit LLM tools are incorporated into the attack development process. By using simple language prompts, novice actors can launch sophisticated, multi-vector campaigns, with malicious LLMs like KawaiiGPT offering these services for free.”
““In response, enterprises across EMEA need to maintain increased vigilance. This necessitates organisations investing in automated detection and mitigation software and having access to the most up-to-date threat intelligence to safeguard themselves and combat against evolving, persistent DDoS threats,” concluded Hummel.
Other posts by :
- Shotwell makes TIME front cover
- Suitors eye Globalstar
- SpaceX: IPO offer in days?
- Forecast: SpaceX tracking to $20bn revenue in 2026
- EchoStar’s Dish restructures debt obligations
- AsiaSat hits Zee and JioStar with legal actions
- Nvidia unveils orbital chip/computer for AI and data
- Space Sector: ‘Profound Acceleration in 2026’