Russia-Directed Sabotage in Europe

• Russia’s recruitment of low-cost, easily replaceable civilians to conduct sabotage attacks poses a risk of disproportionately high financial losses. Suspected Russian sabotage attacks are estimated to have caused hundreds of millions of euros in physical damage in 2022-25.
• Counter-sabotage responses remain largely national, with limited coordination between governments and between the public and private sectors, and therefore do not substantially deter or mitigate sabotage risks.
• Multinational measures focusing on sabotage prevention have proven costly and too resource-intensive in terms of equipment and personnel to be replicated nationally.
• Europe’s increased investment in defense and related projects and expanding support for Ukraine will likely result in an increase in the frequency and scale of sabotage, with more disruptive and costly impact.

The landscape of European security is undergoing a significant transformation as Russia-directed sabotage operations continue to evolve and intensify. Recent analysis from S&P Global Market Intelligence reveals a concerning trend: While 2025 saw a temporary decline in sabotage incidents, this reduction likely represents a strategic recalibration rather than de-escalation, with increased activity expected in 2026.

The evolving nature of Russian sabotage operations presents a complex challenge for European security. As we move into 2026, the ability to adapt and respond to these threats will be crucial for maintaining European stability and protecting critical infrastructure.

Sabotage is defined as state-sponsored covert operations below the threshold of interstate war, designed to degrade a country or international organizations using kinetic and cyberattack and information operations to influence foreign governments, their policies, and electoral outcomes.

Most Russian sabotage operations will likely continue to be executed by low-cost, minimally trained recruits or unwitting agents. Low-cost sabotage operations present a high risk of financial loss, with Russian sabotage estimated to have caused hundreds of millions of euros in physical damage and increased operational, security and insurance costs.

We estimate that indirect losses are likely to be several times higher. Ongoing investigations in Germany, France, Denmark, and Estonia are linking recent uncrewed aerial vehicle (UAV) sightings to Russia’s shadow fleet vessels operating in the Baltic Sea, used to circumvent EU restrictions on Russia’s seaborne oil imports.

If Russia were to recruit criminal smuggling networks to move UAVs into Europe, or to use their smuggling practices itself, it will likely broaden the geographic scope and range of targets for future UAV-based sabotage.

By conducting sabotage attacks in Europe, Russia is pursuing several strategic objectives:

• Eroding trust in governments and other democratic institutions among the European public through physical attacks and information operations.
• Influencing electoral outcomes by supporting anti-establishment, Russia-beneficial parties or movements through destabilization efforts prior to elections.
• Disrupting European support to Ukraine by interfering with logistics, defense production, and the effective working of critical infrastructure essential to aid delivery. 
• Inflicting economic damage by impacting strategic industries and infrastructure to a degree that causes financial loss and undermines economic and political stability (for instance, by reducing public support for a party or policy).
• Testing NATO’s cohesion by probing the alliance’s defense and resilience to threats below the threshold of open warfare and collecting intelligence. 
• Creating strategic advantages in the event of interstate conflict through intelligence gathering, intimidation, and disruption to governance structures.

Cyberattacks will continue to be employed both as standalone sabotage and as part of broader campaigns to exploit site-specific vulnerabilities for strategic objectives.

According to the UK’s National Cybersecurity Centre, in 2024, hackers linked to Russia disrupted hospital operations in the UK; while separate operations disrupted hospital works in Romania and unsuccessfully targeted water utilities in France in March and in Denmark in December.

Since 2022, in parallel to physical sabotage, European national intelligence agencies have recorded repeated attempts to remotely disrupt Europe’s power grid, water supplies, rail networks, and other critical infrastructure assets. Outdated digital infrastructure constitutes a major vulnerability across Europe.

National European counter-sabotage responses remain constrained by the extent of Russia’s objectives and the wide geography of sabotage operations and potential targets, and from bureaucratic complexity and state-level differences in priorities.

Lack of more effective agreement and coordination across relevant EU governments, agencies, and private companies means that European counter-sabotage efforts will remain largely reactive, with limited emphasis on prevention.

Multinational measures focusing on sabotage prevention have proven costly and too resource-intensive in terms of equipment and personnel to be replicated nationally.

Note: This blog post reflects analysis based on data available as of October 2025. Future developments may alter the projected trends and risk assessments.