<div class="block-paragraph_advanced"><p>Written by: Jamie Collier, Robin Grunewald</p> <hr/></div> <div class="block-paragraph_advanced"><p><span style="vertical-align: baseline;">Germany has reclaimed its position as a primary focus for cyber extortion in Europe. While data leak site (DLS) posts rose almost 50% globally in 2025, Google Threat Intelligence (GTI) data shows that the surge is hitting German infrastructure harder and faster than its regional neighbors, marking a significant return to the high-pressure levels previously observed in the country during 2022 and 2023.</span></p> <h3><span style="vertical-align: baseline;">Cyber Criminals Pivoting Back to Germany</span></h3> <p><span style="vertical-align: baseline;">Germany moved to the forefront of European data leak targets in 2025. Following a 2024 period where the UK led in DLS victims, this pivot reflects a resurgence of the intense pressure observed across German infrastructure during 2022 and 2023.</span></p> <p><span style="vertical-align: baseline;">This targeting is not a result of the overall number of companies within Europe, as Germany has </span><a href="https://www.hithorizons.com/eu/analyses/country-statistics" rel="noopener" target="_blank"><span style="text-decoration: underline; vertical-align: baseline;">fewer active enterprises</span></a><span style="vertical-align: baseline;"> than France or Italy. Instead, its sustained appeal to extortion groups is driven by its status as an advanced European economy with an increasingly digitized industrial base.</span></p></div> <div class="block-image_full_width"> <div class="article-module h-c-page"> <div class="h-c-grid"> <figure class="article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 " > <img src="https://storage.googleapis.com/gweb-cloudblog-publish/images/german-cybercrime-fig1.max-1000x1000.jpg" alt="Percentage of data leaks affecting European nations in 2025"> </a> <figcaption class="article-image__caption "><p

Read Full Article at Mandiant Blog →