Swedish authorities identify state-linked hacking group in thermal power station attack
Swedish defence officials have formally attributed a cyber attack against a thermal power station in 2025 to a hacking group with established links to Russian intelligence services. The incident, which targeted operational technology controlling physical processes, is viewed as part of a systematic campaign against European critical infrastructure. Defence Minister Carl-Oskar Bohlin stated that Russia is shifting its tactics from relatively simple distributed denial-of-service (DDoS) disruptions towards more complex operations aimed at industrial control systems, particularly within the energy sector. This evolution marks a significant escalation in the potential for physical damage and service disruption across the continent.
Pattern of hybrid warfare intensifies across European nations
Since February 2022, European security agencies have identified over 150 incidents of physical sabotage and cyber attacks directly linked to Russian security services. Alongside the attempted breach in western Sweden, similar intrusion efforts have been recorded against infrastructure in Norway and Denmark. In late December 2025, dozens of Polish energy facilities were struck by a major coordinated cyber assault. These operations form a broader pattern of hybrid warfare that combines technological, informational and political pressure without triggering direct military confrontation, aiming to erode public confidence in governments and create a palpable sense of vulnerability.
Operations designed to test alliance cohesion below NATO’s Article 5 threshold
Analysts assess that Moscow deliberately conducts these cyber campaigns below the threshold that would invoke NATO’s collective defence clause under Article 5. This strategic approach allows the Kremlin to probe European resilience and gauge the speed and coordination of national responses without risking a full-scale military reply from the alliance. The ultimate objective is widely understood to be the gradual reduction of European readiness to sustain support for Ukraine, draining political will and redirecting resources towards domestic security concerns.
Energy sector emerges as primary target with significant disruption potential
The energy sector remains the most prominent target, where even limited disruptions to electrical grids and heating supplies could generate substantial economic losses and social tension. Attacks on operational technology represent a direct threat to the physical infrastructure that underpins national stability. By demonstrating a capability to impact critical systems without escalating to open conflict, Russia seeks to foster a persistent climate of threat and uncertainty, undermining citizen trust in state institutions and testing the durability of European societal cohesion during prolonged hybrid pressure.
European governments urged to develop systemic defence strategies
Security experts consistently call for enhanced civil preparedness, substantial investment in critical infrastructure protection, and more effective coordination mechanisms between state agencies and private sector operators. Deepening collaboration within both the EU and NATO frameworks is seen as essential to mount a collective response to these persistent attacks and bolster long-term resilience. The evolving threat landscape necessitates a comprehensive strategy that addresses not only immediate cyber defences but also the broader political and social dimensions of hybrid warfare campaigns targeting European solidarity.
