Dispatches from the front lines of Russia-linked cyberattacks on Europe

Sweden’s announcement this week marks an important shift in how the country publicly frames the threat from Russia. Cyber intrusions against Swedish targets are not new, but for the first time, Swedish authorities have openly attributed such activity to actors linked to Russian security and intelligence services, connecting it to an attempted intrusion into critical infrastructure on Swedish territory.  

In Sweden, the reaction has been measured but serious, with the incident seen as part of a systematic pattern. Officials have explicitly linked it to similar attacks against energy systems in Poland in December, where coordinated operations targeted heat and power supply at scale, as well as in Norway and Denmark. The Swedish case caused no major disruption, as protective systems held, but it nevertheless represents an attempt to affect civilian infrastructure in a NATO member state. 

The incident also points to a shift in Russian tactics. Operations are increasingly directed at operational technology controlling physical functions, raising the potential for real-world disruption, particularly in the energy sector, where even limited interference can generate disproportionate societal effects. Against the backdrop of more than 150 incidents of sabotage, cyberattacks, and influence operations linked to Russia across Europe since 2022, this reflects a more risk-acceptant approach within a sustained campaign to pressure European states supporting Ukraine, testing resilience, creating uncertainty, and demonstrating reach without triggering direct military confrontation.  

Read more at Atlantic Council