Russian Hybrid Warfare Expands in Scope and Reach

Russian Cyber Operations Target Central and Eastern Europe with Growing Sophistication

Cyber-attacks attributed to Russia across Central and Eastern Europe have intensified in both complexity and strategic objectives, according to security analysts and recent incident reports. These digital operations range from targeted government network intrusions aimed at stealing sensitive policy documents to sophisticated election interference campaigns designed to undermine democratic institutions.

Russian-linked hacking groups, most notably APT28 (also known as Fancy Bear), which security experts widely connect to Russian intelligence services, have executed increasingly advanced campaigns resulting in confidential data theft and critical infrastructure disruption. In May 2024, Polish government institutions reportedly fell victim to an APT28 operation that deployed specialized malware and sophisticated social-engineering techniques to access sensitive files and potentially compromise information systems.

Electoral systems have become particularly concerning targets as Russian actors seek to undermine democratic processes and erode public confidence. These operations have included attempts to access voter databases, tamper with vote-counting mechanisms, and strategically leak election-related information. During the lead-up to the 2024 European Parliament elections, security agencies identified Moscow-aligned disinformation campaigns specifically designed to bolster extreme, Eurosceptic, and anti-Ukrainian political factions – potentially destabilizing the European Union from within.

The technical sophistication behind these operations continues to evolve. Russia has developed and deployed an array of disruptive cyber capabilities including ransomware, distributed-denial-of-service (DDoS) attacks that render systems inaccessible, and custom malware providing unauthorized network access and persistent control.

Media organizations and NGOs have faced frequent targeting beyond simple data theft. These attacks aim to spread falsehoods, generate public confusion, and undermine trust in independent journalism. Tactics have included intrusions into editorial systems to alter content and plant fabricated stories. In January 2022, numerous Ukrainian government agencies and NGOs were struck by WhisperGate malware, which presented itself as ransomware while causing significant operational disruption.

The regional pattern of attacks is clear. On May 31, 2023, hackers compromised the Polish Press Agency website to publish false claims about government plans for general mobilization, creating panic and spreading disinformation. In March 2023, attackers targeted Ukraine’s civil registry and property databases – some stored in Poland – deleting over a billion rows of data. Czech rail infrastructure faced similar attacks from eastern sources in 2022.

“These incidents, whether directly attributed to Russian services or not, demonstrate the growing threat from state-backed cybercriminals operating in the region,” said a regional security expert speaking on background. “Media organizations are particularly vulnerable, as attacks can completely block website access and seize control of newsroom IT systems, severely limiting their ability to inform the public.”

Russia’s broader information operations remain a core component of its hybrid warfare strategy. These coordinated efforts aim not only at political destabilization but also at undermining citizens’ trust in democratic institutions and Western alliances like NATO and the EU. The Kremlin employs diverse tools including propaganda channels such as Russia Today and Sputnik, alongside thousands of fake social media accounts to manipulate public opinion, foster instability, and strengthen anti-Western sentiment across Central and Eastern Europe.

A primary objective of Russian disinformation campaigns is eroding trust in international institutions vital to the region’s security. False narratives regularly suggest these alliances cannot effectively defend member states against Russian aggression. For example, Russian Telegram accounts recently circulated fabricated claims that NATO Secretary-General Mark Rutte threatened to “exclude the United States from the alliance if Donald Trump were to hand Ukraine to Russia” – statements Rutte never made.

Disinformation campaigns also target refugees and migrants to heighten social divisions within these countries. By portraying migrants as threats to public order, these narratives aim to incite tensions and foster radical anti-democratic attitudes – particularly dangerous amid Europe’s ongoing refugee challenges.

In response, Central and Eastern European countries have implemented extensive measures to strengthen information resilience. In March 2022, the EU adopted the “Strategic Compass” initiative to reinforce security and defense capabilities through 2030, emphasizing cyber-resilience and incident-response improvements. Regional broadcasters from Poland, Lithuania, Latvia, Ukraine, and Romania signed a declaration in March 2023 pledging cooperation against disinformation through information sharing and joint counter-narrative actions.

NATO’s Centre of Excellence for Strategic Communications in Riga has become instrumental in supporting member states’ resilience against information manipulation, conducting research into disinformation techniques and developing effective countermeasures. Similarly, EU initiatives like the European External Action Service and the European Centre for Countering Disinformation provide monitoring, analysis, and verification tools to help member states detect and neutralize false narratives more effectively.