Latvia’s National Security Service (SAB) reported that 2025 saw a record high in registered cyber threats targeting the country, with Russia assessed as the primary source of cyber risk amid Latvia’s support for Ukraine. SAB said most activity was linked to cybercrime and digital fraud, but the most serious cases included intrusion attempts, malware distribution, equipment compromise, and DDoS attacks, and it warned that operational technology (OT) in energy, water, and transport often lacks sufficient protections. The agency also noted that Russian-linked hacktivist activity has shown willingness and capability to target industrial control systems for short-term disruption and intimidation, and that DDoS activity against government and critical services often aligns with politically sensitive events.
In the UK, senior national security figures warned Parliament that resilience alone may be insufficient against cyber and hybrid threats (including sabotage and disinformation), arguing the country needs an offensive deterrence component to impose costs on hostile states rather than “absorbing” attacks. Separately, Check Point Research data cited by Dark Reading indicated Latin America and the Caribbean experienced the highest average weekly attack volume globally (3,065 attacks per week; +26% YoY), with prevalent activity including information disclosure, attempts at remote code execution and authentication bypass, and a shift toward data-leak extortion, credential theft, and edge-device exploitation; the report also projected continued ransomware growth, particularly affecting healthcare and manufacturing.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
In a report discussed publicly in late January, SAB warned that Russia's cyber threat to Latvia would remain elevated into 2026 and beyond regardless of the outcome of the war in Ukraine. The agency also highlighted growing risks to operational technology in energy, water, and transport systems.
At a UK parliamentary national security hearing, former National Security Adviser Lord Sedwill warned that resilience and defensive measures alone would leave the country merely 'absorbing' cyber and hybrid attacks without deterring hostile states. The hearing also examined NATO resilience spending targets, ransomware legislation, and gaps in counter-disinformation capabilities.
Check Point Research reported that during 2025, Latin America and the Caribbean became the world's most-targeted region for cyberattacks, averaging 3,065 attacks per organization per week, up 26% year over year. The activity included widespread information disclosure, remote code execution and authentication-bypass attempts, and ransomware affecting more than 5% of organizations.
Latvia's national security service (SAB) said 2025 saw an all-time high in registered cyber threats against the country, surpassing levels recorded before Russia's 2022 invasion of Ukraine. SAB assessed that Russia remained the main cyber threat, with incidents including intrusion attempts, malware distribution, equipment compromise, and DDoS attacks.
SAB cited a major DDoS attack in late July that followed reports of a Latvian company winning an international drone procurement contract. The incident was presented as an example of politically timed disruptive activity linked to heightened Russian threat behavior.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
therecord.media
Open sourcetherecord.media
Open sourcedarkreading.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.