China and North Korea linked to cybercrime groups targeting Ireland  

Malicious cyber groups aligned with the Chinese and North Korean governments are active in Ireland, according to the EU cyber agency.

In a threat assessment, covering the year to June 2025, ENISA did not find any reported incidents of Russian state cyber groups active in Ireland.

The EU body said China state-aligned groups mainly targeted Italy, Germany, France, and Belgium, where the focus was on cyber espionage.

ENISA detailed a second group of countries, including Spain, the Nordic states, the Netherlands, Poland, and Ireland, as targets of Chinese cyber groups.

The ENISA Threat Landscape 2025 report said these groups focus on “public administration, transport, civil society, and digital infrastructure sectors”.

It said that, within public administration, the groups target the government and diplomatic entities.

The EU cyber agency said that aviation and maritime industries have also been targeted.

When the agency examined attacks on civil society, they found that NGOs and human rights advocacy groups were the targets. The report said: 

Civil society targeting likely reflects domestic priorities around narrative control and the monitoring of dissident or diaspora networks.

ENISA said that North Korean cyber groups have also been reported in Ireland, though to a lesser degree than their Chinese counterparts.

The North Korean focus, like that of China, is on the same four countries: Belgium, Italy, Germany, and France.

Ireland is in a third group of countries, along with the likes of Denmark, Switzerland, and Portugal.

The report said the North Korean focus is “heavily skewed toward EU private companies”, such as human resources, financial services, and technology.

Defence, aerospace, media, and health sectors across Europe have also been targeted.

Russian cyber spies target EU states

The ENISA report said Russian cyber groups were “most active” over the last year and that they “continuously targeted” EU states in cyberespionage campaigns.

It said the groups most documented are those that have been linked elsewhere to Russian military intelligence, GRU, or Russian foreign intelligence, SVR.

“Overall, Russia-nexus offensive cyber activities targeted the public administration with a clear focus on governmental and diplomatic entities, the defence sector, and the digital infrastructure sector,” it said.

“While targeting multiple EU MSs [member states], geographical targeting in the EU indicates a focus on Poland, France, Germany, Belgium, and Greece.” 

It said much of the targeting is likely to be partly related to EU members' support for Ukraine.

Disinformation to undermine EU 

Separate to general state-aligned activities, ENISA also monitors foreign information manipulation and interference (FIMI).

This refers to online activity, including disinformation, which aims to stoke polarisation and divisions in the EU, including member state elections, and undermine EU foreign policy, not least in relation to Ukraine.

ENISA said France, Germany, and Poland are the countries most targeted by FIMI, with EU leaders, such as the commission president and the diplomatic chief, also frequently targeted.

Fake news and fake investigations, including AI-assisted voice cloning, are common tactics used, along with photos and images taken out of context.

The report also refers to detailed efforts by Russian FIMI activities to interfere with elections in Romania and Moldova.


© Examiner Echo Group Limited