On October 1, the European Union Agency for Cybersecurity (ENISA) published its annual Threat Landscape 2025 report, outlining “the most prominent cybersecurity threats and trends the EU faces in the current cyber threat ecosystem.”

An examination of the most prominent state-aligned cyber threats faced by the EU revealed, unsurprisingly, that Russia and China were the most active in targeting Union members over the reporting period (July 1, 2024 – June 30, 2025). Both sectoral and geographic targeting by hackers from these nations appeared to be aimed at achieving their sponsoring nation-state’s grand geopolitical ambitions, such as Russia’s ongoing conflict in Ukraine or China’s economic ambitions outlined in its Made in China 2025 (MiC25) or China Standard 2035 policies.

However, contrary to common perception, ENISA listed North Korean state-aligned cyber intrusions as the third most noteworthy threat to EU members, ranking them above more researched threat actors, such as Iran. ENISA’s findings further underscore the growing multipronged threat that North Korea poses to the West and the need for European policymakers to approach Pyongyang from a holistic approach, beyond a focus on its kinetic military activity vis-à-vis Russia.

When ENISA’s North Korea-related findings are examined more closely, it becomes apparent that the geopolitical motivations behind its cyberattacks closely align with global trends. Indeed, North Korean state-aligned cyber operations can be categorized mainly into two distinct, but at times overlapping,