A report by Microsoft showed that in the first half of 2025, Ukraine ranked fifth in the world and third in Europe among the countries that were most often targeted by cyber activity. In particular, almost one in ten victims in Europe were from Ukraine (9.5%).
“Despite enormous challenges, Ukraine is rapidly transforming and becoming a leader in cybersecurity. By accelerating the adoption of cloud technologies, applying AI to protect critical infrastructure, and stimulating innovation, the country is building digital resilience,” said Renate Strazdin, Microsoft’s technology director for the Northern Europe Multi-country Cluster (NTO Europe North Multi-country Cluster).
The report notes that more than 52% of cyberattacks with known motives are due to extortion and ransomware, while cyber espionage accounts for only 4%. In 80% of cases, the attackers’ goal is to steal data, which underscores the global nature of this threat.
The company notes that every day it processes more than 100 trillion security system signals, blocks approximately 4.5 million new attempts by malicious software to attack, analyzes 38 million cases of risk detection for user accounts, and scans 5 billion emails for malware and phishing threats.
Microsoft noted in the report that hospitals, schools, and local governments are increasingly becoming targets of cyberattacks due to their storage of confidential data and limited resources for cyber defense. This leads to delays in medical care, interruptions in the educational process, and shutdowns of transportation systems.
The Microsoft Digital Defense Report 2025 also adds that outdated security measures are ineffective today. Therefore, the use of multi-factor authentication (MFA), which is particularly resistant to phishing, can prevent more than 99% of attacks involving credential theft.
The report separately notes that the threat from state actors remains. In particular, Russia is expanding its attacks beyond Ukraine, for example, to small businesses in NATO countries, using them as entry points into larger organizations. China is expanding its attacks on various industries and non-governmental organizations, using vulnerable devices for covert access.
Microsoft added that Iran is attacking logistics companies in Europe and the Persian Gulf, likely in preparation for disrupting commercial shipping, while North Korea is focusing on financial gain and espionage, in particular by employing IT specialists abroad who transfer their earnings to the regime.
The report notes that artificial intelligence (AI) is accelerating the development of threats. For example, cybercriminals use AI to automate phishing and create artificially generated content. Cybersecurity specialists, on the other hand, use it to better identify threats and improve user security.
