Russia is conducting hybrid war against Europe, including drones, sabotage, propaganda, and destabilization
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
European institutions and security analysts say Russia is mounting a sustained “hybrid” campaign across Europe that combines drone strikes, sabotage, cyberattacks, disinformation and political interference; EU bodies and parliaments have publicly condemned these actions as coordinated and escalating [1] [2]. Officials warn the tactics are designed to remain below the threshold of open war while testing resilience and cohesion — examples cited include cuts to undersea cables, drone incursions, and cyberattacks on elections and infrastructure [3] [4] [5].
1. A broad, state‑level campaign, say EU institutions
The EU’s High Representative framed recent events as “persistent malicious activities” that are part of long‑standing hybrid campaigns aimed at undermining EU security, naming cyberattacks, sabotage, physical attacks and information manipulation among the tools used [1]. European Parliament resolutions and senior officials have similarly described a pattern of deliberate provocation — from airspace violations to drone incursions at critical infrastructure — and urged a unified response [2].
2. Drones and sabotage: the visible, kinetic edge of the grey zone
Multiple reporting strands emphasize drones and sabotage as central to the current phase of hybrid action. Analysts note Moscow’s integration of kamikaze drones into its playbook and point to increased drone incursions into Nordic and Baltic airspace and suspected sabotage of energy and transport links across the continent [6] [2] [4]. Think‑tanks and security studies institutes document incidents such as undersea‑cable tampering and shadow fleet actions that have physical consequences for energy and logistics networks [5] [7].
3. Cyber and information operations: erosion more than a headline
Cyberattacks and disinformation are recurring themes across EU statements and investigative coverage. The EU has publicly attributed cyber operations to Russia‑linked groups (e.g., APT28) affecting democratic institutions, and leaders including the European Commission president have warned that hybrid acts aim to “sow division” and linger in a twilight of deniability [1] [3]. Analysts stress that such campaigns are intended to degrade trust in institutions and complicate democratic processes [1] [8].
4. Purpose and pattern: testing thresholds, avoiding open war
Security experts quoted in Atlantic Council and other analyses argue Moscow seeks to raise costs and friction for Europe while staying below the threshold that would trigger a unified, all‑out military response; hybrid tactics therefore deliberately exploit ambiguity, legal gray areas and governance weaknesses [8] [9]. European officials and MEPs have characterized the behaviour as “systematic” and in some statements equivalent to state‑sponsored terrorism because it targets civilians and infrastructure without triggering Article 5 levels of interstate war [2] [4].
5. European reactions: resilience, deterrence and offensive thinking
Responses range from calls for better resilience (hardening energy grids, securing undersea cables, investing in incident response) to more assertive measures including joint cyber operations and expanded defence cooperation. Policymakers are now debating deterrence‑by‑denial (hardening systems) alongside deterrence‑by‑punishment (coordinated consequences across domains) and proposals for new centres to counter hybrid threats [9] [10] [5].
6. Evidence, attribution and the “twilight of deniability”
Reporting repeatedly notes a central difficulty: hybrid attacks are often engineered to leave ambiguous forensic trails, so public attribution can be politically fraught. EU institutions have made formal attributions in some cyber cases, but investigators and courts sometimes find evidentiary limits when proving direct state culpability for incidents like undersea cuts or shadow‑fleet actions [1] [5] [3]. Journalists and analysts stress that ambiguity is itself a tactic.
7. Competing perspectives and implicit agendas
Across the sources there is alignment that Russia is using hybrid tools aggressively; but how to respond is contested. Some voices urge immediate, robust retaliatory options including offensive cyber or military signaling [9] [10]. Others emphasise resilience and legal caution due to the evidentiary limits and political risks of escalation [3] [5]. National politics and institutional reputations shape which framings gain traction — EU bodies push collective action, some national leaders press for harder measures, and think‑tanks advocate doctrinal shifts [9] [2] [10].
8. What reporting does not (yet) say
Available sources do not mention a single, fully declassified catalogue proving direct Kremlin orders for every incident; instead reporting and official statements point to patterns, public attributions in select cyber cases, and intelligence assessments that interpret incidents as part of a coordinated campaign [1] [3]. Specific operational details on many sabotage incidents remain under investigation in national courts or classified intelligence channels [5] [7].
9. Bottom line for readers
European governments, parliaments and analysts are treating a cluster of cyber, kinetic and informational incidents as a sustained hybrid campaign that aims to disrupt cohesion and resilience; policymakers now face a trade‑off between escalating deterrence and managing the political and legal limits of attribution [1] [2] [10]. The debate over how hard to hit back — and how quickly to harden Europe’s critical systems — will determine whether the continent blunts these tactics or normalizes a persistent, costly gray‑zone conflict [9] [5].