Russia’s ‘grey zone’ tactics seek to undermine Europe without crossing into open war

A hacked dam in Norway. A severed telecoms cable in the Baltic Sea. A warehouse set ablaze in East London.

Individually, each incident could be dismissed as an isolated act: a criminal investigation, a maritime mishap, a case of arson. Taken together, Western officials and security analysts say they point to something more deliberate: a sustained campaign of sabotage across Europe designed to destabilise without triggering open conflict.

Experts argue that Moscow is operating in what is often described as the “grey zone”: hostile activity calibrated to remain below the threshold that would provoke a military response from NATO.

A familiar playbook, adapted

In Ukraine, Russia’s targeting of critical infrastructure has been overt. Power stations, railway networks and energy facilities have repeatedly come under attack, particularly during winter months.

Analysts now believe elements of that strategy are being replicated across Europe, albeit in more covert and deniable forms.

Charlie Edwards, senior fellow for strategy and national security at the International Institute for Strategic Studies, warns that much of Europe’s critical infrastructure is inherently exposed.

“Your energy system, your submarine cables, your water treatment plants, your logistics supply chains, your rail networks… are exposed,” he said.

He argues the vulnerability is not only technical but structural. Large portions of European infrastructure are owned or managed by private companies, often operating with varying levels of security investment. Ageing operational technology, inconsistent cyber protections and slow upgrades can create exploitable weaknesses.

The return of sabotage

The Russian concept of gibridnaya voyna, or hybrid warfare, stems from Soviet-era doctrine and involves applying pressure across multiple domains simultaneously, including cyber, economic and physical disruption.

Daniela Richterová, senior lecturer in Intelligence Studies at King’s College London, says sabotage is no longer a relic of the Cold War.

“Attacks against mostly critical infrastructure… this can be done in various ways, by blowing things up, by contaminating resources, by setting fires… maybe cutting bits of critical infrastructure,” she said.

Recent cases illustrate the range of methods involved.

Norway: a hacked dam

In Norway, a dam’s floodgates were opened after attackers exploited weak protections. Footage circulated online appeared to show a water release valve pushed to maximum capacity.

Dr Richterová noted that had the dam been located differently, significant civilian flooding could have occurred. Norway’s security service publicly attributed the attack to Russia, an unusual move that underscored the seriousness of the breach. Investigators pointed to older, less sophisticated systems as a contributing factor.

London: sabotage by proxy

In the UK, Dylan Earl and associates were arrested and jailed after a Ukrainian-owned warehouse in London was set on fire.

Former British Army staff sergeant Dave Butler, who served with the military intelligence unit BRIXMIS during the Cold War, said the use of locally recruited individuals to carry out limited tasks is a familiar tactic.

“You don’t need a highly skilled intelligence operator to come into the country… if they’ve all got just one task to take care of,” he said.

Dr Richterová added that those involved in the London case were allegedly instructed to conduct surveillance rather than commit arson, highlighting the unpredictability of proxy operations.

Baltic Sea: cables and the shadow fleet

Undersea cables, which carry substantial volumes of Europe’s telecommunications and data traffic, have also been targeted.

After a series of suspicious incidents in the Baltic Sea, NATO launched Baltic Sentry, a mission aimed at deterring further damage. However, on New Year’s Eve 2025, Finnish authorities raided the Fitburg, described as part of Russia’s “shadow fleet”, on suspicion it had dragged its anchor for tens of kilometres across a key cable connecting Finland and Estonia.

Mr Edwards described the incident as appearing deliberate and questioned whether Baltic Sentry was functioning as effectively as intended.

The DHL parcel plot

One of the most concerning cases involved explosions linked to parcels moving through delivery firm DHL in 2024.

A group of men were later charged with participating in a Russian-coordinated plot to send explosive parcels to Britain, the United States and Canada. The devices detonated in warehouses rather than on aircraft, but analysts believe the operation came close to causing mass casualties.

Mr Edwards questioned whether the intent had been to sabotage aircraft or target logistical infrastructure linked to the war in Ukraine. He noted that had planes been destroyed mid-air, it would likely have been regarded as an act of war.

Concerns in Washington were reportedly so significant that then US President Joe Biden is said to have contacted the Kremlin directly to warn that such activity crossed a red line. No comparable publicly attributed incidents have followed.

Below the threshold

Despite the breadth of incidents, analysts say Russia appears careful not to cross into actions that would trigger NATO’s Article 5 collective defence clause.

“The objective is not to kill people at this point,” Dr Richterová said, arguing that mass casualties could fundamentally alter the political calculus.

Lord Toby Harris, chair of the National Preparedness Commission, warned that the greater danger lies in coordinated attacks designed to overwhelm systems simultaneously, disrupting internet services, power supplies and logistics networks at the same time.

For now, the incidents remain disruptive rather than catastrophic. But experts caution that the pattern reflects a strategy aimed at undermining confidence, exposing vulnerabilities and demonstrating reach.

In Ukraine, the destruction is overt. In Europe, it is deniable.

The challenge for NATO and European governments is whether they can strengthen critical infrastructure and deter escalation before a future attack moves beyond disruption and into something far more deadly.
