Recorded Future warns that Russian hybrid threats, including sabotage of critical infrastructure, vandalism, weaponized migration, and military intimidation, are highly likely to intensify around the 2025 NATO Summit. These activities are expected to particularly target European countries, especially if the summit produces decisive outcomes on Ukraine. The Baltic states, Poland, and Germany face the highest risk.
In its research report titled ‘Threats to the 2025 NATO Summit,’ Recorded Future observed that the complex geopolitical environment surrounding the summit also makes it an attractive target for various threat actors, including state-backed influence operations, cybercriminals, hacktivists, and advanced cyber threat groups. Researchers assessed that Russia is highly likely to continue targeting European critical infrastructure through hybrid cyber-kinetic operations, irrespective of ongoing Ukraine peace negotiations. Submarine cable infrastructure was also flagged as a key vulnerability.
“While these operations are unlikely to directly target the summit event itself, threats to the critical infrastructure of NATO member countries are likely heightened as Moscow seeks to destabilize member states and exploit divisions within the alliance,” Recorded Future identified in a post last week. “Hybrid threats will almost certainly increase their targeting of NATO member countries following the summit if it results in significant action regarding Ukraine, such as a joint commitment to further military aid to Kyiv.”
In January, the Finnish Defence Forces assessed that Russia ‘will likely increase the use of all hybrid methods as it seeks to cause disunity within NATO and the European Union,’ including cyber and information influencing, coercive use of energy exports, targeting of energy and other critical infrastructure, weaponizing immigration, and intelligence operations.
Based on recent incidents, the 2025 NATO Summit report revealed that countries neighboring Russia, Estonia, Finland, Latvia, Lithuania, and Poland, likely represent the most attractive targets for sabotage operations. Additionally, countries providing the strongest support to Ukraine, such as Germany and Poland, are almost certainly at greater risk of physical threats than countries that do not provide significant aid, such as Hungary, which Moscow is unlikely to directly target.
The research identified that Russian-directed sabotage attacks targeting the critical infrastructure and key government and military facilities of European countries have almost certainly increased since 2022. Recent incidents suggest that these operations largely involve low-sophistication tactics with a degree of plausible deniability and obfuscated links to Moscow, often initially appearing as accidents or single criminal events, complicating attribution and identification of a larger strategic trend.
Sabotage operations targeting submarine cables off the coast of Europe almost certainly represent a relatively low-effort, high-reward vector for targeting European critical infrastructure.
In June 2023, Insikt Group assessed that Russia’s ongoing war against Ukraine was very likely fueling physical attacks and intelligence collection efforts against the submarine cable system to undermine the economic, diplomatic, and national security objectives of the US and its NATO allies. Specifically, Russia almost certainly presents the greatest direct threat to submarine cables in the North and Baltic Seas.
“While none of these incidents caused prolonged outages or communication disruptions due to the availability of alternate routes for data transmission, increased societal concerns about the vulnerability of critical infrastructure had a clear psychological impact on northern European populations,” the 2025 NATO Summit report added. “A more coordinated attack on submarine critical infrastructure could cause disruptions to business operations, financial losses, and communications disruptions, raising the risk of economic ramifications to northern and eastern Europe.”
In conclusion, Recorded Future wrote that the June 2025 NATO Summit in The Hague is a high-value target for adversaries like Russia and China, who are expected to escalate influence operations to exploit internal alliance divisions and weaken NATO’s credibility. These efforts may involve AI-generated deepfakes, fake leaks, and voice cloning to sow doubt about unity on Ukraine, Arctic policy, and burden-sharing.
Both nations are also likely to conduct cyber espionage to gather sensitive information about summit discussions and outcomes, using phishing lures and spoofed domains. Russia may weaponize any obtained data or fabricate it to disrupt NATO coordination and discredit member states.
In parallel, hacktivists and cybercriminals are expected to launch coordinated attacks, including distributed denial-of-service (DDoS), extortion, and defacement campaigns aimed at embarrassing host-nation authorities during the summit’s peak visibility. Even in the absence of a successful attack, a well-timed false claim could fuel a perception hack and shift the narrative.
“To counter the heightened digital threat environment as NATO convenes in The Hague, the alliance, each member state, and all partners involved in the summit should ensure last-mile cyber hygiene around summit infrastructure, push pre-emptive takedowns of spoofed domains and synthetic news clips, and deliver rapid, transparent debunks to emerging, non-credible reporting,” according to the 2025 NATO Summit report. “Continuous liaison between NATO StratCom, member-state computer emergency response teams (CERTs), trusted information streams and intelligence partners, as well as the public, will be critical as a cohesive public-messaging cadence may prove as important as technical defenses in preserving summit integrity and, by extension, NATO’s cohesion, its strategic narrative, and its mission.”
