New: Flexible service plans for Myra WAF. Learn more!
Home>
Trending Topics Cybersecurity – July 2025
SECURITY INSIGHTS | August 01, 2025
Myra's monthly security highlights provide IT managers and security experts with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and reports on cyberattacks, attack campaigns and more are clearly presented here.
Experts from the fields of cybersecurity, politics, and academia agree: At Myra's “BOTS & BREWS” media roundtable, participants criticized the increasing dependence of European companies and authorities on US providers and the slow progress of key projects such as GAIA-X. More than ever, a clear commitment to the use of European solutions is needed to strengthen Europe's digital sovereignty in the long term.
In this context, the statement made by Microsoft France's chief legal officer before the French Senate is particularly relevant. The manager admitted that access to data stored in Europe by US authorities cannot be ruled out. This is a precedent that reveals the incompatibility of US legislation with European data protection standards such as the GDPR.
A report by the German Federal Audit Office shows that even the federal IT system in Germany is vulnerable. The majority of the more than 100 data centers do not even meet basic security requirements such as emergency power supply or geo-redundancy. This further increases the vulnerability of critical government infrastructure.
In July, the increased activities of the pro-Russian hacker group NoName057(16) came to the fore as an acute threat to state and municipal infrastructure. Although the Federal Criminal Police Office and international partners succeeded in dismantling the group's botnet as part of “Operation Eastwood,” the cybercriminals struck back just a few days later. Using DDoS attacks, the attackers paralyzed the websites of several major German cities, including Bielefeld, Düsseldorf, Nuremberg, and Stuttgart.
IT Security Trends
Europe flying blind in the digital age? Experts call for more speed and independence
There was consensus at Myra's “BOTS & BREWS” media roundtable: Despite big plans, Europe's digital sovereignty remains far behind its own ambitions. Experts criticized the dependence on providers from the US and China and called for more political determination and more effective implementation of initiatives such as GAIA-X. Although projects in the field of Industry 4.0 and open source give cause for optimism, there is still a lack of investment and a common vision to become truly independent and internationally competitive.
Microsoft France: US authorities can request EU data
Microsoft France's chief legal officer confirmed in a hearing before the French Senate that there is no certainty that EU data is protected before being transferred to the US. US surveillance laws such as the CLOUD Act, FISA 702, and the Patriot Act allow US authorities to access data from US companies and their subsidiaries, regardless of where it is physically stored. US legislation thus conflicts with the GDPR, which provides for the protection of personal data in the EU.
Federal Audit Office criticizes inadequate cybersecurity of federal IT
The German Federal Audit Office has found that the cyber security of the federal IT system is “inadequate” and that there is a lack of effective protective measures. According to the report, not even ten percent of the federal government's more than 100 data centers meet the minimum standard. In many cases, emergency power supply is not guaranteed in crisis situations, and critical IT services are often not available with geographical redundancy.
Chinese technicians maintained the Pentagon cloud
For years, Microsoft relied on technicians from China to maintain the US Department of Defense's cloud infrastructure, whose work was only superficially monitored remotely by US citizens with security clearance. After a ProPublica investigation uncovered this security-critical handling of sensitive government data, Microsoft immediately stopped using Chinese IT specialists; the Department of Defense has launched an investigation, while the full extent of the potential risks remains unclear.
Myra Security presents study on the state of digital sovereignty
84.4 percent of IT decision-makers want European digital products for the government and operators of critical infrastructure (KRITIS). Less than 25 percent of companies use European cloud services; AI infrastructure is only around 10 percent. Despite heavy dependencies, almost half of companies have no plans to switch to European software.
Cybercrime
Cybercriminals paralyze Aeroflot: Russia's largest carrier has to cancel flights
In the middle of the peak travel season, a coordinated attack by the cyber groups “Silent Crow” and “Cyber Partisans” compromised Aeroflot's IT systems and led to the cancellation of more than 50 flights, affecting thousands of passengers. According to the attackers, over 7,000 servers and numerous central systems were destroyed.
Patient data from LUP clinics has now appeared on the dark web following a cyberattack that took place in February 2025. The leaked data is said to include lab results, doctor's letters, and names and postal addresses. Attackers could use this information for targeted phishing attacks. However, it is unclear who is behind the attack and the data leak.
Cybercriminals manipulate dam control system in Norway
Unknown attackers opened the floodgates of the Risevatnet dam in Norway for several hours without being noticed during a cyberattack. Access to the control system, which is accessible via the web, was apparently only secured by a weak password. The incident raises serious questions about the security of critical infrastructure.
Microsoft SharePoint disaster and possible leaks
Security researchers have pointed out that a leak may be the reason why attackers, including state-sponsored groups, were able to exploit critical vulnerabilities in Microsoft SharePoint even after patches were released. Microsoft has since released updates, but more than 400 organizations had already been affected by the attacks before the security updates took effect.
British transport company goes under after cyber incident
For British logistics company KNP, a critical ransomware infection means the end of a 158-year history. The attackers apparently used a poorly secured user account to infiltrate the company's IT system. After successfully breaching the system, they encrypted KNP's databases and demanded a huge ransom for their release.
US nuclear agency attacked via Sharepoint vulnerability
A security vulnerability in the on-premises instances of Microsoft Sharepoint that became known in July allows attackers to gain access to vulnerable systems. According to Bloomberg, one of the targets was the US Nuclear Security Administration (NNSA), which is part of the US Department of Energy. However, a spokesperson for the agency emphasized that it was “only minimally affected” and that no confidential or secret information had been leaked.
DDoS attack wave hits municipal websites
DDoS attacks paralyzed the websites of several major German cities in July. Among those affected were Bielefeld, Düsseldorf, Nuremberg, and Stuttgart. The cities were able to restore their sites on the same day and filed criminal charges against persons unknown. The pro-Russian group NoName057(16) is suspected of being behind the attacks.
Another cyberattack on the International Criminal Court
The International Criminal Court in The Hague has once again been the target of a “sophisticated” cyberattack. This is already the second incident of this kind, following a similar attack in 2023. According to the authorities, that attack was an espionage operation aimed at “undermining the mandate of the Court.” No details are available about the new incident at this time.
Best Practice, Defense & Mitigation
NoName057(16) demonstrates resilience: New attacks despite dismantled attack infrastructure
As part of Operation Eastwood, the German Federal Criminal Police Office and international partners dismantled the botnet of the pro-Russian hacktivist group NoName057(16) and searched 27 locations in Europe, issuing six arrest warrants for Russian members. Since November 2023, the group had launched at least 14 waves of attacks against around 250 companies and institutions – primarily critical infrastructure in Germany – using DDoS attacks. Despite this significant setback, the group is proving resilient. Just five days after the police operation, the cybercriminals launched new DDoS attacks against German government agencies and police authorities.
Klöckner calls for more cybersecurity for the Bundestag
Bundestag President Julia Klöckner is calling for a separate police law for parliament to improve cybersecurity and better identify potential threats among visitors. She emphasizes the need to strengthen defenses against cyberattacks, as the Bundestag is frequently the target of such attacks.
BSI pushes for email security in Germany
Together with the eco association and Bitkom, the Federal Office for Information Security (BSI) is calling on all companies and organizations in Germany to improve their email security by 2025. Technical guidelines and other support services such as webinars, guides, themed podcasts, and much more are available to help with implementation.
Things to know
Cybersecurity H1 Report 2025: Countering the AI offensive with resilience and sovereignty
The Myra Cybersecurity Report provides IT decision-makers with practical insights to strengthen corporate resilience and proactively counter cyber threats. The tense and dynamic cybersecurity situation will remain a key challenge in Germany in 2025. Although the attacks documented and repelled by Myra in the first half of the year were down on the previous year, the technical sophistication, targeting, and intensity of the attacks are increasing significantly.
Stefan Bordel
Senior Editor
Stefan Bordel has been working as an editor and technical writer at Myra Security since 2020. In this role, he is responsible for creating and maintaining website content, reports, whitepapers, social media content and documentation. This role allows him to bring his extensive experience in IT journalism and technical knowledge to an innovative cyber security company. Stefan previously worked at Ebner Verlag (formerly Neue Mediengesellschaft Ulm) for 7 years and joined the online editorial team at com! professional after working for Telecom Handel. He gained his first journalistic experience during various internships, including at the IT website Chip Online. As a passionate Linux user, he follows the IT scene closely, both privately and professionally.