A new assessment reveals how extensively Russia has targeted Europe’s critical infrastructure in recent years, using sabotage, vandalism, espionage and covert action to impose costs, sow insecurity and undermine support for Ukraine.
The analysis is drawn from The Scale of Russian Sabotage Operations Against Europe’s Critical Infrastructure, an August 2025 report by Charlie Edwards and Nate Seidenstein of the International Institute for Strategic Studies (IISS).
The authors compile what they describe as the most comprehensive open-source dataset of suspected and confirmed Russian sabotage activity across the continent, showing a dramatic escalation in both frequency and range of targets since 2022.
According to the report, Russia’s campaign is part of an “unconventional war” designed to destabilise European governments, weaken public support for Ukraine and hinder NATO’s ability to respond. The activity spans physical attacks such as arson and sabotage, interference with undersea cables, GPS jamming, and the use of low-tech tools by online-recruited proxies.
A chart in the report’s introduction shows hybrid-warfare incidents rising sharply after Russia’s full-scale invasion of Ukraine, with energy, communications, government and transport infrastructure especially affected
European infrastructure is highly vulnerable, the report notes, due to aging grids, outdated software, fragmented regulation and significant private-sector ownership. The report underlines that many key systems—railways, water management, power grids—were built decades ago, creating single points of failure that can generate cascading disruptions across borders.
Submarine cables, responsible for transmitting 95% of global data, are singled out as particularly exposed, with limited redundancy and high economic value.
Documented incidents span a broad geography. A map on page 6 visually plots suspected Russian-linked attacks from 2018 to mid-2025 across dozens of European states, covering sabotage of transport lines, energy assets, water plants, undersea cables, GPS signals, and military logistics hubs. Examples include sabotage of high-speed rail lines before the 2024 Paris Olympics, spy-camera rings monitoring railways in Poland, water-supply tampering at German and NATO bases near Cologne and Geilenkirchen, and anchor-dragging operations that severed multiple Baltic undersea data cables.
The report attributes much of Russia’s operational shift to the expulsion of about 400 Russian intelligence officers from Europe in 2022, which forced Moscow to adopt what the authors call a “gig economy” model.
It describes how Russian handlers now use platforms like Telegram to recruit third-country nationals, particularly migrants from Eastern Europe, assigning tasks that range from petty vandalism to more serious sabotage of critical infrastructure. This approach has expanded the scale of operations even as the quality of proxies has declined, making many incidents more detectable and sometimes amateurishly executed.
Despite this, the report finds that Russia’s sabotage operations increased by 246% from 2023 to 2024. with at least 25 publicly known sabotage, espionage or vandalism incidents targeting NATO-linked infrastructure in the first five months of 2025.
These include parcel-bomb devices at DHL logistics hubs in Germany, Poland and the UK—described on page 11 as test runs involving magnesium-based flammables inserted into electric massagers—and a series of arson attempts in Germany and Poland tied to Russian operatives.
Undersea infrastructure has been a consistent focus. The report recounts incidents involving the Cook Islands–flagged Eagle S, which severed the Estlink-2 cable, and the Yi Peng 3, suspected of cutting cables linking Finland, Germany, Sweden, and Lithuania. Repairing a single severed cable can cost tens of millions of euros, not counting economic losses.
Europe’s response has been mixed. Though NATO and EU states have increased coordination—including Baltic Sentry maritime patrols and the launch of NorthSeal in 2025—the report notes that these efforts remain reactive, fragmented, and costly. A chart on page 12 summarises NATO’s strategy of “deterrence through denial,” built around resilience measures, but the authors argue that this approach has not deterred Russia’s low-cost, low-risk sabotage model.
The report concludes that Europe’s reliance on defining Russia’s actions as “grey zone” aggression has inhibited decisive responses. Without clear thresholds for action or consistent public attribution, Russia faces little deterrent pressure. But allowing sabotage to become normalised risks long-term strategic erosion and miscalculation, it concludes.
In a career spanning three decades and counting, Ramananda (Ram to his friends) has been the foreign editor of The Telegraph, Outlook Magazine and the New Indian Express. He helped set up rediff.com’s editorial operations in San Jose and New York, helmed sify.com, and was the founder editor of India.com.
His work has featured in national and international publications like the Al Jazeera Centre for Studies, Global Times and Ashahi Shimbun. But his one constant over all these years, he says, has been the attempt to understand rising India’s place in the world.
He can rustle up a mean salad, his oil-less pepper chicken is to die for, and all it takes is some beer and rhythm and blues to rock his soul.
Talk to him about foreign and strategic affairs, media, South Asia, China, and of course India.
