An end to Russia’s war in Ukraine may lead to ‘shifts in the EU criminal landscape’, according to a Europol’s EU Serious and Organised Crime Threat Assessment (EU-SOCTA) 2025.
Europol Executive Director Catherine De Bolle said in a foreword: “The very DNA of organised crime is changing. Criminal networks have evolved into global, technology-driven criminal enterprises, exploiting digital platforms, illicit financial flows and geopolitical instability to expand their influence. They are more adaptable, and more dangerous than ever before. Breaking this new criminal code means dismantling the systems that allow these networks to thrive – targeting their finances, disrupting their supply chains and staying ahead of their use of technology. Europol is at the heart of Europe’s fight against organised crime, but staying ahead of this evolving threat means reinforcing our capabilities – expanding our intelligence, operational reach and partnerships to protect the EU’s security for the years to come.”
The report by the European Union’s policing agency based in The Hague sets out how serious and organised crime is ‘increasingly nurtured online’. Tech such as artificial intelligence accelerate crimes and provide criminal networks with entirely new capabilities, according to the report, adding to the ‘speed, scale, and sophistication’ of organised crime.
You can download the 100-page document at the Europol website: https://www.europol.europa.eu/publication-events/main-reports/changing-dna-of-serious-and-organised-crime. It covers the tactics of organsied crime – including finances and money laundering – and crime types, such as the drugs trade, intellectual property crime, and fraud. As for forecasting, the document suggests that a settlement of Russia’s war against Ukraine ‘may bring along shifting opportunities for criminal networks. These may include more activity in firearms trafficking; a growing recruitment pool for members of criminal networks; frauds related to recovery funds; a further blurring of lines between licit and illicit structures’.
While the report describes serious and organised crime as ‘a profit-driven activity’, it notes that criminal networks can become proxies for ‘hybrid threat actors’, to carry out crimes such as ‘sabotage of critical infrastructure through digital or physical means, information theft, disinformation campaigns, cyber-attacks’, among others. Such use of proxies may be cost effective for states, and allows states to deny direct involvement, the document suggests. It points to an increase in politically motivated cyberattacks against critical infrastructure and public institutions, originating from Russia and countries in its sphere of influence.
Comment
Andy Norton, European Cyber Risk Officer at Armis, said: “Cyberwarfare is no longer perceived as rare, high profile, one-off attacks – it’s a continuous, hybrid assault designed to erode trust and destabilise nations over time. Europol’s latest report confirms this shift, with Russia and its proxies using AI and automation to scale cyber threats like never before. Critical infrastructure – healthcare, energy, and supply chains – isn’t just collateral damage, it’s a prime target.
“A ‘set it and forget it’ approach to cybersecurity that relies on legacy point products and siloed security solutions is no longer adequate. Organisations must prioritise immediately gaining a comprehensive, real-time understanding of their environment and their extended attack surface. With this insight, security teams are enabled to proactively mitigate their cyber risk exposure using AI to anticipate and counter evolving tactics before they impact their organisation. These threats are relentless, our defences must be too.”
