Spain once again makes the list of the 10 European countries most affected by ‘hacktivism’
ZIUR publishes its ‘Industrial Cyber Intelligence Report’ for the third quarter of 2025, warning of an increase in successful denial-of-service attacks against various countries
Spain has once again made it onto the list of the 10 most attacked countries in Europe by ‘hacktivism’, according to the ‘Industrial Cyber Intelligence Report’ for the third quarter of the year, recently published by ZIUR. This year, Spain has fluctuated in and out of this list. While in the first quarter ZIUR warned of a “drastic increase” in the number of attacks registered against state entities, in the second quarter it indicated that Spain was no longer among the European countries most attacked by this type of hostile actor. And, once again, in July, August, and September, the country has returned to the top positions.
During this period, hacktivism has increased in Europe, with 4,941 successful denial-of-service attacks targeting different countries, 2,423 more than in the previous quarter. This time, the most affected country was Germany, followed by Ukraine, Italy, Lithuania, the Czech Republic, France, Belgium, Finland, Norway, and, in tenth place, Spain.
Specifically, the Spanish state suffered an operation carried out by multiple hacktivist groups, dubbed #OpMortadelos. This movement is part of a larger campaign called #OpSpain and was launched after Europol issued an arrest warrant for Enrique Arias Gil—who allegedly used the alias "Russian Disinformer"—for supposedly providing information to a pro-Russian group to launch cyberattacks against Spain.
Data breaches and ransomware attacks decrease
The report from ZIUR, the Gipuzkoa Industrial Cybersecurity Center belonging to the Provincial Council, also highlights the detection of a total of 41 suspected data breaches affecting Spanish organizations and institutions on clandestine forums and Telegram channels, 14 fewer than in the previous quarter.
Regarding ransomware, 1,702 incidents were recorded during the second quarter of 2025, 3.86% fewer than in the previous period. The five most active groups accounted for almost 43% of the cases, and the most affected sectors were manufacturing, technology, healthcare, banking, and construction. Qilin, Akira, Incransom, Play, and Safepay emerged as the most aggressive actors, accounting for a total of 727 breaches, or 42.71% of the total.
Conversely, the number of published vulnerabilities has seen a slight increase, reaching a total of 12,648. Regarding vulnerabilities specific to ICS (Industrial Control Systems), CISA has reported a total of 902, more than double the number published during the second quarter of 2015. Vulnerabilities continue to primarily affect software manufacturers.
The ZIUR ‘Industrial Cyber Intelligence Report’ also provides a series of recommendations for companies in Gipuzkoa. These include implementing strong password policies, using password managers, adopting multi-factor authentication, and conducting regular audits, among others. ZIUR also warns of the dangers of phishing emails “as a common entry vector” for attackers in organizations and points out that “training programs should be developed to mitigate this risk.”