Listen to the article
Latvia’s security officials revealed Wednesday that two individuals, acting on behalf of Russian interests, set fire to a train and railway infrastructure in the Baltic nation last August, adding to a growing list of suspected Russian-linked sabotage across Europe.
According to Latvia’s State Security Service, the perpetrators not only targeted a train and railway relay cabinets—critical equipment that controls train movements—but also filmed the attack. The footage was subsequently handed over to their handlers, who repurposed it as propaganda, falsely claiming the incidents occurred in Ukraine.
This Latvian case represents just one of at least 151 incidents of sabotage and malicious activities across Europe that Western officials have linked to Russia since its February 2022 invasion of Ukraine, according to an Associated Press investigation. Security experts believe these attacks serve multiple purposes: undermining support for Ukraine, sowing fear and discord within European societies, and stretching the investigative resources of targeted nations.
“Russia typically employs proxies for these operations,” said a European security analyst familiar with the pattern. “In many cases, the individuals carrying out the acts aren’t even aware they’ve been recruited by Moscow, creating layers of deniability.”
The Baltic and Eastern European regions have been particularly targeted. In November, Polish officials attributed several incidents of rail sabotage to Russian intelligence services, specifically targeting lines used to deliver aid to Ukraine. More recently in January, Polish Prime Minister Donald Tusk revealed that hackers “directly linked to Russian services” attacked combined heat and power plants that supply nearly half a million customers, along with multiple renewable energy facilities.
Nordic countries have also experienced similar intrusions. Danish officials reported that Russian-linked cyberattacks in 2024 disrupted a water utility, leaving households without water service. In Norway, police disclosed that pro-Russian hackers remotely accessed a dam’s control systems in August, opening a valve that released water downstream.
Ciaran Martin, former head of the UK’s National Cyber Security Centre, told AP these incidents reveal the vulnerability of European critical infrastructure and signal Moscow’s “more aggressive posture” toward countries it considers adversaries. Martin highlighted the emergence of “cyber-kinetic” operations, where Russian-linked hackers manipulate physical systems—such as altering water flows—to create real-world consequences.
Western Europe has not been spared. Italian authorities continue to investigate the sabotage of multiple high-speed railway lines that coincided with the opening of the Milan-Cortina Winter Olympics in February. According to Italy’s ANSA news agency, the attacks involved burning or cutting infrastructure, disrupting travel for thousands of passengers. Italian Foreign Minister Antonio Tajani also reported Russian-originating cyberattacks targeting Olympics-related websites, hotels in Cortina, and foreign ministry systems.
Similarly, France experienced sabotage of high-speed railway lines on the opening day of the summer Olympic Games. Though neither Italy nor France has officially attributed these incidents to Russia, the timing and methods align with patterns seen elsewhere across Europe.
The Kremlin has consistently denied involvement in any coordinated sabotage campaign when questioned by international media. However, security officials across multiple European countries remain convinced of Moscow’s hand in these operations, pointing to similar techniques, timing, and strategic objectives.
These incidents highlight the evolving nature of hybrid warfare, where conventional military operations in Ukraine are complemented by destabilizing activities across Europe, targeting critical infrastructure and attempting to erode public confidence in national security measures.
European governments have responded by strengthening security around key infrastructure sites and enhancing cyber defenses, though the distributed and often low-tech nature of many attacks presents significant challenges for prevention efforts.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
9 Comments
It’s alarming to see the scale of these suspected Russian-linked sabotage incidents across Europe. The fact that they’re being used for propaganda purposes as well is especially troubling. I hope the targeted nations can work together to identify and mitigate these threats effectively.
While I’m not surprised to see Russia employing these types of tactics, the scope and coordination of the attacks is quite worrying. The use of proxies and disinformation adds an extra layer of complexity. Strengthening critical infrastructure security and intelligence sharing will be crucial going forward.
I’m curious to learn more about the specific techniques and motivations behind these attacks. Are they primarily aimed at disrupting logistics and transportation, or is there a deeper psychological/information warfare component at play? Understanding Russia’s playbook will be crucial for effective countermeasures.
The Latvian case underscores the broader pattern of Russian-linked sabotage we’ve seen across the continent. It’s clear Moscow is employing a range of tactics to sow chaos and undermine support for Ukraine. Vigilance and international cooperation will be essential going forward.
Interesting to see the Latvian security services uncover this Russian-linked sabotage. It’s concerning to see the growing number of such incidents across Europe, likely intended to undermine support for Ukraine. I wonder what other tactics Russia may be employing in the region.
You’re right, these attacks seem designed to create fear and discord. It’s important that European nations work together to investigate and mitigate these threats.
This is a concerning development, but not entirely surprising given Russia’s history of leveraging asymmetric tactics. The use of proxies and disinformation to cover their tracks is particularly concerning. Robust security measures and information sharing between nations will be key to staying ahead of these threats.
This is a troubling development, highlighting Russia’s willingness to use proxies and propaganda to target critical infrastructure across Europe. The fact they’re filming these incidents for further disinformation campaigns is particularly concerning.
Agreed, the use of propaganda to twist the narrative is quite insidious. Maintaining public trust and transparency will be key as nations work to address these security challenges.