Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in state-linked and politically motivated cyber activity in Europe, framed as part of broader hybrid warfare. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability.
Separately, threat reporting tied to the 2026 Winter Olympics indicates increased hacktivist mobilization and targeting chatter against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial kinetic/physical damage to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
Timeline
Apr 22, 2026
Dutch intelligence says China has reached U.S.-level cyber capability
In its annual report, the Dutch MIVD warned that China has likely achieved parity with the United States in offensive cyber capabilities and that only a limited portion of Chinese operations against Dutch interests are detected. The report also said Chinese actors accessed routers at smaller Dutch hosting and internet providers in 2025 and warned of increased 2026 campaigns targeting edge devices and strategic Dutch sectors.
Apr 21, 2026
EU sanctions Euromore and Pravfond over Russian influence operations
The European Union imposed sanctions on the pro-Russian organizations Euromore and Pravfond, accusing them of supporting Kremlin-aligned disinformation and hybrid influence operations targeting Europe and Ukraine. The measures freeze any EU-based assets and bar EU citizens and companies from providing the groups with funds or economic resources.
Mar 31, 2026
Report says Russia intensifies hybrid influence ahead of Armenia election
A report published on 2026-03-31 said Russia had stepped up hybrid warfare tactics in Armenia ahead of the June 7 parliamentary election, including information operations, influence campaigns, and support for opposition forces with strong Russian ties. The article framed the vote as a pivotal contest over Armenia's geopolitical orientation toward the West or continued Russian influence.
Mar 27, 2026
U.K. prepares tighter political donation rules over foreign interference
The British government began preparing reforms to political donation rules after the Rycroft Review and a cross-party parliamentary report warned that foreign interference in U.K. democracy is becoming more sophisticated across financial and information channels. Proposed measures included a temporary ban on cryptocurrency donations and a £100,000 annual cap on contributions from overseas voters.
Mar 27, 2026
Latvia accuses Russia of disinformation campaign targeting Baltic states
Latvia's Defense Ministry said Russia was running a coordinated disinformation campaign against Latvia, Lithuania, and Estonia by falsely claiming the Baltic states enabled Ukrainian attacks on Russia from their territory or airspace. Latvian officials said the effort aimed to discredit NATO, undermine trust in state institutions, and weaken support for Ukraine, including through social media bot activity.
Mar 23, 2026
Report alleges Russian influence campaign in Hungary's 2026 election
Reporting published on 2026-03-23 alleged that Russia was conducting a covert influence operation to help Viktor Orban ahead of Hungary's April 12 election, including online attacks on opposition leader Peter Magyar and other election manipulation tactics. The report also cited an alleged internal SVR document discussing extreme scenario planning, including a fake assassination attempt, as part of efforts to preserve a key Russian ally inside the EU.
Mar 16, 2026
Pro-Kremlin campaign exploits Ukraine energy blackouts
By mid-March 2026, EUvsDisinfo reported that pro-Kremlin foreign information manipulation campaigns were using Russia’s strikes on Ukraine’s energy infrastructure to depict Ukraine as collapsing, socially unstable, and abandoned by Europe. The report said these narratives were contradicted by polling, continued government aid, and grassroots fundraising and energy support across Europe.
Mar 13, 2026
Pro-Kremlin disinformation pivots to Iran war to undermine Ukraine
EUvsDisinfo reported that Kremlin-aligned information operations rapidly shifted to the Iran/Middle East conflict, pushing false narratives that portrayed Ukraine as a destabilizing actor and suggested Kyiv might stage provocations to regain attention. The campaign also circulated fabricated claims, including a fake Euronews story about an Iranian missile strike on property allegedly linked to an aide of Ukraine's commander-in-chief.
Mar 9, 2026
Attacks on Jewish and Israeli-linked sites raise Iranian hybrid threat concerns
Beginning on 2026-03-09, a series of low-casualty attacks targeted Jewish and Israeli-linked sites in Belgium, the Netherlands, and the United Kingdom. Analysts said the incidents, claimed by the previously unknown HAYI group and amplified through pro-Iranian online networks, may indicate likely Iranian-backed hybrid activity in Europe, though definitive proof was not established.
Feb 20, 2026
Dutch intelligence warns Russia is intensifying hybrid attacks
AIVD and MIVD publicly warned that Russia is stepping up cyberattacks and other hybrid operations across Europe while preparing for a long standoff with the West. The agencies said a direct Russia-NATO clash remains unlikely but is no longer unthinkable.
Feb 20, 2026
Hacktivist communities escalate Olympic-related cyber coordination
Threat intelligence reporting around the 2026 Winter Olympics identified increased hacktivist chatter, mobilization, and operational coordination tied to protests and geopolitical tensions. Online communities referenced Olympic-related targets such as transportation infrastructure and sponsors.
Feb 19, 2026
CyberScoop report challenges cyber-only narrative of Caracas outage
CyberScoop reported that publicly available evidence points to substantial kinetic damage during the January 3 Caracas outage and that no public confirmation from the Pentagon or U.S. Cyber Command supports a cyber-only explanation. Experts said cyber activity may have played a supporting role rather than being the sole cause.
Jan 3, 2026
Evidence emerges of kinetic damage at Caracas substations
Public videos, photos, journalist accounts, and Venezuelan government statements described destroyed equipment, bullet impacts, blown doors, oil leaks, and fires at substations including Panamericana, Escuela Militar, and Fuerte Tiuna. Analysts and experts said the visible physical damage alone could plausibly explain the localized outages.
Jan 3, 2026
Operation Absolute Resolve triggers Caracas power outage
A major power outage struck Caracas on January 3 during Operation Absolute Resolve. Early reporting widely characterized the disruption as a precision cyberattack affecting Venezuela's power grid.
Sep 1, 2024
Attack on Dutch police steals officers' contact details
A Russian-linked group later dubbed Laundry Bear carried out a September 2024 attack on Dutch police systems, stealing work contact details of police officers. Dutch intelligence later highlighted the intrusion as a notable example of Russian cyber activity targeting the Netherlands.
Jan 1, 2024
Russia's risk tolerance in hybrid operations increases
According to Dutch intelligence, Russia became more willing in 2024 to accept physical damage and potential casualties in its operations against Europe. The shift was cited as evidence of a more aggressive hybrid campaign.
Dec 1, 2023
Russia-linked hybrid activity in Europe rises sharply
Dutch intelligence assessed that Russian hybrid operations across Europe, including cyberattacks, sabotage, disinformation, covert influence, and espionage, increased significantly starting in late 2023. The agencies said this marked the beginning of a more sustained confrontation below the threshold of open war.
Jan 1, 2023
Ukraine reports rise in Russian-directed sabotage-for-propaganda scheme
Ukrainian prosecutors and security officials said sabotage incidents in Ukraine have increased since 2023 and are suspected to be orchestrated by Russian intelligence through the online recruitment of vulnerable individuals via social media and Telegram. Officials and researchers said the acts are then amplified by pro-Russian propaganda networks to falsely depict a broad anti-government underground movement, despite no evidence of a nationwide resistance.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Organizations
Sources
5 more from sources like osint team blog, euvsdisinfo and the record media
Related Stories
Escalating Russian Hybrid Warfare and Policy Responses in Europe
New analysis warns Russia is likely to escalate its opportunistic hybrid activity in Europe into a more coordinated campaign consistent with **New Generation Warfare (NGW)** doctrine, integrating cyber operations, influence activity, and sabotage across a broader geographic footprint and at higher tempo. The assessment anticipates more synchronized, multi-domain actions designed to degrade NATO cohesion and readiness—such as pairing physical disruption (for example, airspace violations affecting critical infrastructure like airports) with cyberattacks (for example, **DDoS** against communications) to amplify operational and psychological impact. Ukrainian officials are simultaneously pushing for tighter regulation of **Telegram**, citing its repeated use by Russian intelligence to recruit locals for sabotage and terrorist attacks; the calls followed a deadly incident in Lviv that Ukrainian leadership attributed to Russia and said involved recruitment via Telegram. Separately, polling across major NATO countries indicates strong public support for treating severe hybrid actions—such as cyberattacks that shut down hospitals or power grids and sabotage of undersea cables or energy pipelines—as **acts of war**, highlighting a growing gap between public sentiment and NATO governments’ typically restrained responses to hybrid aggression.
1 months ago
Nation-State and Hacktivist Cyber Threats Targeting Europe
European organizations are facing a surge in cyberattacks driven by nation-state actors, financially motivated cybercriminals, and hacktivist groups. According to assessments from cybersecurity experts, many of these attacks are linked to ongoing geopolitical tensions, particularly Russia's invasion of Ukraine, and increasingly involve coordinated operations with North Korea. The tactics used include distributed denial-of-service (DDoS) disruptions, website defacements, and data leak campaigns, often with the primary goal of propaganda or strategic intelligence collection. Other persistent threat actors include groups from Iran, China, Turkey, Kazakhstan, and India, who target European entities for motives ranging from intellectual property theft to financial gain. The spillover from conflicts in the Middle East has also led to increased cyber activity against European organizations, especially those tied to Israel or Western military operations. Key sectors under threat include financial services, transportation, and non-governmental organizations. Experts warn that adversaries are seeking new ways to compromise identity and cloud infrastructure, reflecting a broader trend of evolving cyber operations shaped by global political developments.
1 months ago
Geopolitical Cyber Operations Targeting Critical Infrastructure and Economic Systems
Reporting and commentary highlighted how **state-linked cyber activity** is being used for sustained pressure against critical infrastructure and economic targets rather than isolated, one-off attacks. Taiwan’s government and related reporting described **China-linked probing and “prepositioning”** against Taiwanese critical infrastructure as ongoing and scaling, consistent with reconnaissance and access maintenance objectives that could enable future disruption. Separately, an op-ed argued that U.S. signaling around the ability to “darken” parts of Caracas and reported disruptions affecting Venezuela’s state oil sector illustrate how cyber-enabled interference can function as a tool of state power **below the threshold of open conflict**. A longer-form retrospective on the Russia–Ukraine conflict framed the period as a “full-scale cyber war,” citing the **Kyivstar destructive attack** attributed to **Sandworm** as a landmark incident: attackers reportedly maintained access for months before wiping large portions of the operator’s environment, disrupting telecom and related services. The same piece described Ukraine’s broader incident volume growth and the use of multiple **wiper malware** families, alongside claims of Ukrainian retaliatory operations (e.g., DDoS activity against Russian banking), reinforcing the theme that critical infrastructure and national economic systems are central targets in modern geopolitical cyber campaigns. While one weekly “signals” post also mentioned patch/KEV dynamics and SaaS exposure as near-term risk amplifiers, its primary geopolitical takeaway aligned with the broader pattern of sustained state-linked activity against critical infrastructure.
1 months ago