In recent weeks NATO allies and European Union member states have made a series of allegations about Russian hybrid operations targeting their countries, prompting both the alliance and the bloc to formally condemn the Kremlin’s conduct.

The North Atlantic Council, NATO’s political executive, announced on Thursday that allies were “deeply concerned about recent malign activities on Allied territory, including those resulting in the investigation and charging of multiple individuals in connection with hostile state activity.”

A range of activities have come to light following counterintelligence efforts in Czechia, Estonia, Germany, Latvia, Lithuania, Poland and the United Kingdom. NATO described these as “part of an intensifying campaign of activities which Russia continues to carry out across the Euro-Atlantic area, including on Alliance territory and through proxies.”

In a second statement on Friday, the NAC called out a “malicious cyber campaign” from Russia targeting a political party in Germany in 2023, alongside institutions in Czechia. 

During a press conference in Australia on Friday, German Foreign Minister Annalena Baerbock announced that the country was attributing last year’s cyberattack on the Social Democrat Party to APT28, also known as Fancy Bear and tied to the GRU, Russia’s military intelligence service.

“Allies also note with concern that the same threat actor targeted other national governmental entities, critical infrastructure operators and other entities across the Alliance, including in Lithuania, Poland, Slovakia and Sweden,” announced NATO.

This was joined by another statement on Friday from the European Council, the EU’s political executive, alleging the cyber campaign “shows Russia’s continuous pattern of irresponsible behavior in cyberspace, by targeting democratic institutions, government entities and critical infrastructure providers across the European Union and beyond.”

At the same time, the Czech Ministry of Foreign Affairs announced its intelligence services had been targeted by APT28, “exploiting a previously unknown vulnerability in Microsoft Outlook from 2023.”

The activities include “sabotage, acts of violence, cyber and electronic interference, disinformation campaigns, and other hybrid operations,” said NATO, adding that allies said they considered them to constitute a threat to their security.

Last week, Czech police said they considered it “proven” that members of Unit 29155 of the GRU, Russia’s military intelligence service, were behind explosions at ammunition warehouses in the country.

Officials from Estonia, Latvia and Lithuania also criticized the suspected Russian GPS jamming of commercial flights in the Baltics, which the Estonian foreign minister Marcus Tsahkna called a “deliberate hybrid attack” by Russia.

Germany has grappled with a range of Russian threats in recent months, from a new cyber espionage targeting political parties, through to the interception and leaking of a conversation between military officials about support for Ukraine. The country’s prosecutors also recently announced charges against a military officer who attempted to provide intelligence to Russian spy agencies.

British counterterrorism police have arrested six Bulgarian nationals in the past year suspected of spying under the direction of the Russian state, with two British nationals arrested last week on suspicion of an arson attack against a Ukrainian owned business in London, as directed by the Kremlin.

The Kremlin has denied responsibility for all of the above allegations.

NATO said it would act “individually and collectively to address these actions, and will continue to coordinate closely,” and would work to “counter and contest Russian hybrid actions.”

“We condemn Russia’s behavior, and we call on Russia to uphold its international obligations, as Allies do theirs,” stated the North Atlantic Council. “Russia’s actions will not deter Allies from continuing to support Ukraine.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.