Renewed pressure on eastern border
Latvia is facing a renewed influx of irregular migrants from Belarus, after a relatively quiet winter, with border guards reporting a steady stream of crossings in April 2026. Authorities expect the pressure to persist at levels comparable to 2025, and warn that escalating conflict in the Middle East may drive more migrants from that region toward the Baltic states. The pattern is seen as part of a coordinated strategy by Minsk and Moscow to destabilise the European Union’s eastern frontier, exploiting human flows as a tool of hybrid warfare. The Latvian border service has recorded dozens of attempts to cross illegally each week, forcing Riga to maintain heightened security and mobilise additional army and police units.
Hybrid tactics at the frontier
Official reports indicate that Belarusian authorities are actively organising the movement of migrants to border zones, providing them with means to breach fences and directing them toward weak points in the frontier. This approach has been documented repeatedly since 2021 and is viewed by Baltic governments as an act of hybrid aggression. The Latvian security service has confirmed direct involvement of Belarusian officials and military personnel in coordinating groups and facilitating illegal crossings. The constant threat of large groups attempting to storm the border not only strains national security but also creates a persistent psychological and administrative burden on democratic institutions, as human rights groups often intervene, adding political pressure.
Cyber front expands despite Europol crackdown
Meanwhile, the pro-Russian hacking group NoName057(16) has actually increased its attack volume after a major Europol operation in July 2025, codenamed Eastwood, which seized servers and arrested several suspects. Before the operation, the group sent about 6,300 commands per month for DDoS attacks; after Eastwood the average rose to 7,708 commands. Between late October 2025 and mid-March 2026, NoName057(16) claimed 1,530 successful operations, roughly 300 per month. The group has turned cyberattacks into a “patriotic online game”, recruiting volunteers via Telegram and rewarding them with TON cryptocurrency that can be cashed out.
Gamification lowers barrier to cybercrime
The use of gaming mechanics and crypto rewards has significantly lowered the entry threshold for participating in attacks, allowing Moscow to mobilise a broad pool of actors without direct state attribution. The group’s manifesto echoes Kremlin narratives, accusing Europe of “Russophobia” and supporting what it calls “Ukrainian terrorists”. European intelligence services and Europol describe NoName057(16) as part of a wider Russian hybrid war against countries supporting Ukraine. Notable targets include Danish municipal websites during November 2025 elections and the websites of the 2026 Winter Olympics in Milan and Cortina d’Ampezzo.
Broader implications for European security
The resilience of NoName057(16) despite law enforcement action demonstrates the limits of traditional police measures against decentralised cyber threats. The group’s ability to quickly rebuild and expand signals Russia’s capacity to sustain and scale such networks using flexible digital tools. The consequences of these attacks extend beyond temporary disruption of energy, transport, media and government services; they also erode public trust in institutions and amplify pro-Kremlin narratives, fuelling societal tension. Countering this threat requires stronger coordination among European states, intelligence agencies and cybersecurity centres, as well as blocking recruitment channels and investing in critical infrastructure protection.
