Europe Under Siege: Cyber-Physical Threats Impact Smart Mobility
May 06, 2025
IoT & Automotive Cybersecurity, Data Privacy

European infrastructure failures in April and May 2025 expose critical vulnerabilities in interconnected systems, from power grids to retail networks, highlighting urgent cybersecurity concerns for smart mobility.


Drivetech Partners

The recent series of critical infrastructure failures and cyberattacks across Europe has revealed alarming vulnerabilities in interconnected network systems. In April 2025, a troubling sequence of events unfolded: highly unusual UK power frequency irregularities on the Viking Link connecting the UK and Denmark, followed closely by a widespread blackout across the Iberian Peninsula, all while major UK retailers suffered coordinated cyberattacks.

Key Takeaways

  • A series of infrastructure incidents across Europe in April-May 2025 reveals growing vulnerability patterns in critical systems

  • The Viking Link between the UK and Denmark experienced unexplained frequency fluctuations that highlight risks to cross-border energy infrastructure

  • The Iberian Peninsula suffered a nationwide power outage on April 29, 2025, affecting multiple essential services and triggering cybersecurity concerns

  • Major UK retailers including M&S and Co-Op fell victim to DragonForce ransomware attacks in early May, exploiting social engineering vulnerabilities

  • These incidents create urgent security implications for automotive smart mobility, communication service providers, and smart city infrastructure

Recent Cyberattacks and Infrastructure Failures: A Growing Threat to Connected Systems

Late April to early May 2025 saw an alarming sequence of events across European critical infrastructure. The timeline began with UK grid irregularities on April 28, followed by an unprecedented Iberian blackout on April 29, and culminated with sophisticated cyberattacks targeting major UK retailers in early May. These incidents didn't necessarily occur in isolation—they highlight the increasing risks created by interconnected digital and physical systems.

The pattern of these failures has raised serious questions about the security of cyber-physical systems that power modern economies. While investigations into potential coordination between these events continue, the impact has been immediate: heightened security alerts across multiple sectors and renewed focus on protecting critical infrastructure against both technical failures and malicious attacks.

Viking Link Instability: Critical UK-Denmark Power Connector at Risk

On April 28, 2025, the UK National Energy System Operator (Neso) detected unexplained frequency fluctuations in the British grid at 2 a.m. and again at 6 p.m. These incidents involved both the Keadby 2 gas-fired plant and the Viking Link—the world's longest subsea electricity interconnector spanning 765 km between the UK and Denmark with a 1.4 GW capacity.

The Keadby 2 plant power failure started around 2 a.m. The precise duration of the outage is not specified in currently available public reports for the April 2025 incident, but there is speculation that the plant was offline for a few days.

Meanwhile, the Viking Link interconnection outage lasted until about 11 a.m. The Viking Link, which began operations in December 2023, currently operates at a limited 800 MW capacity due to grid reinforcement needs in Denmark. Despite these limitations, it can supply up to 2.5 million UK homes and is expected to save UK consumers over £500 million in its first decade of operation.

Grid stability remains a critical concern; a frequency plunge below 49.275 Hz in 2023 was among the worst recent events on the UK grid.

Iberian Peninsula Blackout: Unprecedented Multi-System Collapse

On April 29, 2025, Spain and Portugal experienced a devastating nationwide power outage that paralyzed both countries for 10 hours. The blackout's effects were far-reaching, disrupting transport networks, communications, airports, hospitals, emergency services, and even extending into southern France. Full nationwide power restoration was not declared until 23 hours after the blackout. The simultaneous failure of multiple critical systems immediately raised suspicions of a coordinated cyberattack.

Red Eléctrica de España (REE) and Portugal's REN have issued statements confirming ongoing investigations but have not yet confirmed malicious activity as the cause. Initial explanations point toward a rare atmospheric phenomenon combined with technical faults, though digital forensics continue. The World Economic Forum has specifically cited this incident when warning about increasing cyber threats to energy infrastructure globally, drawing parallels to the 2015 Ukraine power grid attack.

UK Retail Under Attack: DragonForce Targets Major Brands

In early May 2025, a series of coordinated cyberattacks hit three prominent UK retailers: Marks & Spencer, Co-Op, and Harrods. M&S suffered the most significant impact from DragonForce ransomware, linked to the notorious Scattered Spider group. The attack disrupted online orders, blocked Click & Collect services, and disabled contactless payment systems across their retail network.

Co-Op took emergency measures by restricting VPN access after losing significant customer data, though they successfully prevented full ransomware deployment. Harrods imposed strict internal internet restrictions following an attempted breach. The UK National Cyber Security Centre (NCSC) quickly identified that all three attacks exploited social engineering tactics to gain initial access, prompting the center to issue urgent nationwide security guidance for businesses.

Navigating the Risks: Data Breaches and IoT in Smart Mobility

Smart mobility’s increasing reliance on IoT devices has significantly amplified data privacy and cybersecurity risks, making both individuals and entire industries vulnerable to large-scale breaches and ransomware attacks. A striking example is the 2024 ransomware attack on CDK Global, a major software provider for over 15,000 US automotive dealerships, which resulted in estimated losses of $1.02 billion and disrupted operations for nearly three weeks.

This incident highlights how the vast amounts of sensitive data collected by smart mobility systems, ranging from personally identifiable information to real-time location and payment details, create a sprawling attack surface, especially when devices are diverse, poorly secured, or unpatched. The consequences of such breaches extend beyond immediate financial losses, threatening operational data, trade secrets, and even physical safety, while also triggering regulatory scrutiny, legal fallout, and a loss of customer trust.

As connected vehicles and mobility platforms continue to proliferate, there is an urgent need for stronger, adaptive cybersecurity measures, transparent data governance, and updated regulations to safeguard privacy and ensure the resilience of the smart mobility ecosystem.

Automotive and Smart Mobility: New Targets in the Cyber Crosshairs

The recent infrastructure failures across Europe have significant implications for automotive and smart mobility sectors. Connected vehicles and charging infrastructure share vulnerabilities with the affected systems, creating potential entry points for malicious actors. The proliferation of IoT devices in automotive systems substantially expands the attack surface, presenting critical challenges for mobility OEMs.

Vehicle-to-grid connections introduce additional cybersecurity concerns as they link critical energy infrastructure with transportation systems. Smart mobility networks rely on the same potentially vulnerable network infrastructure that has been exposed in recent attacks. This convergence raises growing concerns about vehicle safety and consumer data protection, particularly as autonomous features become more prevalent.

Communication Service Providers: The Critical Link in Infrastructure Security

Communication Service Providers (CSPs) form the backbone of connected infrastructure across all the affected sectors. This central position makes telecom infrastructure an increasingly appealing target for attackers seeking lateral movement across multiple systems. The network vulnerabilities exposed in the recent incidents directly apply to CSP security, highlighting the need for enhanced protection measures.

The ongoing deployment of 5G infrastructure creates both new security challenges and opportunities. While offering improved security features, 5G networks also introduce more complex architectures with expanded attack surfaces. The lessons from recent infrastructure failures underscore the necessity for CSPs to implement advanced security protocols, network segmentation, and comprehensive monitoring systems to detect and mitigate potential threats.

Smart Cities at Risk: Lessons from Infrastructure Failures

Smart city technologies share many of the integrated-system vulnerabilities demonstrated in the recent infrastructure failures. Urban management systems (including traffic control, utilities, and public safety) are susceptible to similar attacks that could cause widespread disruption. The recent incidents clearly demonstrate how cascading failures can affect multiple city systems simultaneously, amplifying their impact.

The growing interconnection between city services significantly increases risk exposure. Smart cities must learn from comparisons to past cyber-physical attacks, such as the 2015 Ukraine power grid attack and the 2021 Colonial Pipeline incident. These historical events provide valuable lessons on how sophisticated actors can target critical infrastructure with devastating effects on urban populations.

Security Strategies: Protecting Connected Infrastructure

In light of these threats, OEMs, CSPs, city metro-nets and power providers must strengthen their supply chain risk assessment and threat intelligence sharing capabilities. Several key actions are recommended to enhance security posture:

  • Adopt zero-trust architectures throughout organizational systems

  • Implement comprehensive SIEM/EDR solutions for real-time threat detection

  • Establish proper network segmentation to contain potential breaches

  • Conduct regular penetration testing and vulnerability assessments

  • Develop incident response plans specific to cyber-physical attacks

Regulatory frameworks provide essential guidance, including specific NCSC recommendations and WEF guidelines on critical infrastructure protection. International cooperation across public and private sectors has become essential, as threats increasingly transcend national boundaries. System redundancy and offline backup capabilities have proven crucial for resilience, while secure-by-design principles must be embedded in all new infrastructure developments.

The recent incidents across Europe serve as a wake-up call for all stakeholders involved in connected infrastructure. Only through coordinated action, improved security practices, and continued vigilance can we protect the critical systems that smart mobility depends upon.

