Hacktivist DDoS Attacks Surge Against Government Sites
▼ Summary
– DDoS attacks by hacktivist groups caused most (60%) public sector cybersecurity incidents last year, though data threats were more disruptive.
– Public sector organizations manage sensitive data and critical services, making them prime targets for cyberattacks according to ENISA’s analysis of 586 incidents.
– State actors and cybercriminals caused the most service impact despite fewer incidents, primarily through data breaches affecting employment and law enforcement systems.
– Central government bodies experienced 69% of all cybersecurity incidents, with municipal websites and ministry portals being common DDoS targets.
– ENISA warned public administrations have low cybersecurity maturity and face likely future attacks due to their high-value target status and NIS2 compliance challenges.
A significant rise in hacktivist-driven cyberattacks has targeted government digital infrastructure, with Distributed Denial of Service (DDoS) campaigns representing the majority of security incidents in the public sector over the past year. According to a recent analysis by the European Union Agency for Cybersecurity (ENISA), these attacks, while frequent, were not the most damaging. The agency’s study examined 586 publicly disclosed cyber incidents affecting public administration, highlighting that the sector’s management of vast amounts of sensitive data and its role in delivering essential services make it a prime target for malicious actors.
DDoS attacks alone accounted for roughly 60% of all cybersecurity incidents recorded in the public sector last year. Hacktivist groups were identified as the primary perpetrators, responsible for 63% of these disruptive campaigns. Cybercriminals followed at 16%, with state-sponsored actors representing a smaller portion at 2.5% of incidents. Despite their lower frequency, attacks by cybercriminals and state actors had a more severe operational impact, primarily through data-related breaches.
Data breaches constituted the second most common type of threat, making up 17% of all incidents in 2024. These attacks frequently targeted highly sensitive platforms, including employment services and law enforcement portals, leading to significant service disruption. Ransomware incidents were also notable, accounting for 10% of reported cases. Prominent ransomware families like RansomHub, Lockbit 3.0, and 8Base were among the main variants observed during this period.
The analysis further noted that DDoS attacks predominantly focused on municipal websites and portals belonging to various government ministries. Central government bodies bore the brunt of these incidents, representing 69% of the overall cybersecurity events documented. A senior ENISA official emphasized that cybersecurity in public administration is fundamental to citizen welfare and the smooth operation of the single market across the European Union. Ensuring reliable and effective public services requires a high level of cybersecurity across national, regional, and local governmental networks.
Nevertheless, the public sector’s resilience to cyber threats remains underdeveloped. The sector was recently incorporated into the NIS2 Directive, and a separate ENISA report from March 2025 placed it in a “risk zone” for compliance. Public administrations reportedly lack the support and experience found in more mature sectors, making them particularly vulnerable.
Looking ahead, ENISA has warned that the public sector’s low cybersecurity maturity, combined with its high value as a target, makes further attacks highly probable in the medium to long term. The agency anticipates continued hacktivist DDoS campaigns, state-backed cyber-espionage operations, and opportunistic ransomware and data breaches. In response, ENISA has issued guidance for public sector organizations that are struggling with both NIS2 compliance and the growing spectrum of cyber threats.
(Source: Info Security)
