Riga — Russia is escalating its campaign of cyber sabotage and information warfare against Latvia and other Western nations, with a growing focus on disrupting critical infrastructure, according to a new report. The Constitution Protection Bureau (SAB) warned that these actions are intended to create uncertainty, undermine essential services, and retaliate against support for Ukraine.
Russian Cyber Threats to Europe Intensify
Table of Contents
Latvia’s security agency details a surge in attacks targeting industrial control systems and essential services.
- Russia continues to pose the main cyber threat to Latvia, driven by its strategic goals and opposition to support for Ukraine.
- Cyberattacks against operational technology (OT) environments—systems controlling essential services like energy and water—are a growing concern.
- Despite increased attacks, Latvian cyber defenses have largely been effective in preventing significant disruptions.
- New regulations are being implemented to strengthen cybersecurity requirements, including restrictions on cooperation with non-EU/NATO countries.
The SAB’s 2025 annual report, released this month, identifies a significant increase in security risks posed by Russia in Europe. The number of sabotage and cyber incidents remains high, with a particular emphasis on attacks targeting industrial control systems (ICS). These attacks aren’t just about causing chaos; they’re a calculated effort to sow doubt, punish allies, and deter future assistance to Ukraine.
Q: What is Russia’s primary goal with these cyberattacks?
A: To spread uncertainty, undermine services, punish support for Ukraine, and deter future backing, according to Latvia’s Constitution Protection Bureau.
New Cybersecurity Regulations Aim to Bolster Defenses
On June 25, 2024, Latvia’s Cabinet of Ministers adopted regulations setting minimum cybersecurity requirements for critical infrastructure within the information and communication technology (ICT) sector. These requirements, overseen by the SAB in accordance with the National Cybersecurity Law, are designed to create a more robust cybersecurity framework, according to SAB Director Egils Zviedris.
The new regulations also include limitations on cooperation with countries outside the European Union and NATO during government procurement processes related to ICT resources, aiming to mitigate potential risks of malign influence.
Full Spectrum of Attacks Experienced in 2025
Latvia experienced a wide range of cyberattacks throughout 2025, including intrusion attempts, malware distribution, equipment compromise, and distributed denial-of-service (DDoS) attacks. The overall level of registered cyberthreats reached an all-time high, a significant increase since Russia’s full-scale invasion of Ukraine in 2022. While many incidents involved cybercrime and digital fraud, the SAB highlighted the growing threat to critical infrastructure and national security.
Despite the elevated threat level, Latvian cyber defenders have largely been successful in preventing major disruptions. Hostile cyber activity has fluctuated in intensity, and most observed attacks have had limited impact due to effective prevention and response measures. Interestingly, the SAB noted a trend starting in 2024: large, politically significant events, such as the European Parliament elections and the Parliamentary Summit of the International Crimea Platform in Riga, did not attract significant cyberattacks. This is attributed to proactive defensive measures by CERT.LV, Latvia’s national Cyber Incident Response Institution.
Operational Technology Increasingly Targeted
The report also flagged a growing concern regarding cyber threats to operational technology (OT) environments. OT encompasses the equipment and software used to monitor and control physical processes and infrastructure—essential services like energy, water supply, and transportation. Many of these systems, despite increasing remote management, lack adequate cybersecurity, making them vulnerable to relatively simple attacks that could disrupt vital services.
According to a report by ENISA, almost 18.2 percent of cyberattacks in Europe in 2025 targeted operational technologies.
Hacktivist Activity and Real-World Impacts
Russian hacktivists have demonstrated a willingness and capability to carry out cyberattacks on ICS systems in Latvia and other Western countries, aiming to cause short-term inconvenience or even threaten critical infrastructure. Their motives include disrupting vital services, creating shock, sowing doubt, punishing support for Ukraine, and deterring future assistance.
In April 2025, Norway experienced a cyberattack against a dam on the Risetvatnet lake. Hacktivists exploited a weak password to gain control of a panel regulating water flow, increasing the pass-through rate. While the water level didn’t reach a critical point—the dam was used for fish farming—the incident highlighted the vulnerability of critical infrastructure. Similarly, in August 2025, Russian hacktivists repeatedly attacked the Gdansk hydro-electric power station, successfully accessing control systems and causing a complete shutdown of the plant during a second attempt.
So far, vulnerabilities in Latvian operational technologies have largely been identified through proactive cybersecurity measures and monitoring. “Significant incidents endangering critical infrastructure and vital services have not been registered,” the SAB reported. However, monitoring activities in 2025 revealed significant vulnerabilities in software and applications used by a municipal service provider, underscoring the need for continuous improvement in OT cybersecurity.
DDoS Attacks Remain a Persistent Threat
The SAB also reported ongoing waves of Russian DDoS attacks targeting Latvian government and municipal institutions, as well as critical infrastructure. These attacks aim to disrupt services, spread disinformation, and undermine public trust. A large DDoS attack occurred last July following the announcement of a Latvian company winning an international drone procurement contract. While most DDoS attacks have limited impact, organizations are encouraged to utilize DDoS defense services, such as the centralized service funded by the Latvian Ministry of Defence and operated by the Latvian State Radio and Television Centre (LVRTC).
