Orange’s cybersecurity division has uncovered a prolific pro-Russian hacktivist group which is targeting almost exclusively European organisations to cause disruption, manipulate public opinion, destabilise confidence and undermine trust.
The key finding, highlighted in Orange Cyberdefense’s 2025 Security Navigator report, revealed that Europe has become a prime target for hacktivists, while the US has been impacted more by cyber extortion, with a 25% year-on-year increase in cases.
Hacktivists are individuals or groups who use hacking techniques to promote a political or social agenda. They typically target organisations, governments, or individuals to expose perceived injustices, disrupt operations, or draw attention to their causes.
Speaking at a media gathering in London last week Charl van der Walt, Security Navigator’s head of research observed a new intersection between cyber activism and state-sponsored operations.
“We are seeing a hybridisation of hostile nation-states and criminals challenging our need to want to put things in boxes. They move quite fluidly between political activism and crime and legitimate work – but technological mastery is the common thread,” he said.
Read more: The rise of the hackvist supergroup
Their weapon of choice, he added, was almost entirely around distributed denial-of-service (DDoS) attacks which overload servers with traffic, disrupting access to websites or services to cause maximum chaos.
Security Navigator singled out a pro-Russian hacktivist group as one of the main perpetrators- claiming over 6,600 attacks since March 2022, almost exclusively in Europe.
The targets, the report adds are typically “symbolic and important European entities” – which could be election-related systems, financial institutions or critical infrastructure, and their activities tend to be triggered by geopolitical events such as the recent farmer’s strike in Belgium.
“These groups aim to draw attention to the political and economic issues they consider important, creating fear, uncertainty and doubt,” the report added.
The US
The report noted that the pro-Russian hacktivist groups were not targeting US territories with van der Walt suggesting the atomisation of criminal cyber gang Lockbit by the US authorities and others meant that “perhaps they don’t want to poke that bear”.
North America did not remain unscathed , however, and was the most impacted region globally in terms of cyber extortion, with a 25% YOY increase in cases, the report noted.
The US also experienced the highest cases of OT (Operational Technology) attacks (on water systems, grain siloes etc) accounting for almost half of all incidents. “This trend reinforces the region’s position as a top target for financially motivated threat actors,” the report stated.
Interactive mapping
Orange has also released a new interactive mapping of criminal ecosystem, Cybercrime Now, which the French company is making publicly available for the first time.
Aimed at researchers, journalists and analysts, Orange claims that the visualisation tool offers users the change to explore the networks that underpin major forms of cybercrime.
