NATO alleges intensifying campaign of Russian hybrid activities on alliance territory

10 May 2024

In two separate statements on consecutive days last week NATO alleged that Russian hybrid attacks on NATO territory were increasing. In the first statement on 2 May, NATO said Russia had committed "recent malign activities" in member countries, including "disinformation, sabotage, acts of violence, cyber and electronic interference... and other hybrid operations".

According to the statement, these resulted in the “investigation and charging of multiple individuals in connection with hostile state activity affecting Czechia, Estonia, Germany, Latvia, Lithuania, Poland, and the United Kingdom". The statement added that "We will continue to boost our resilience and to apply and enhance the tools at our disposal to counter and contest Russian hybrid actions”. In conclusion, the statement condemned Russia and called on the country "to uphold its international obligations, as allies do theirs," before adding that "Russia's actions will not deter Allies from continuing to support Ukraine".

The NATO Secretary Jens Stoltenberg previously spoke about alleged incidents of Russian espionage in NATO countries during a 26 April meeting with German Chancellor Olaf Scholz in Berlin. "Last week, Germany arrested individuals accused of espionage and sabotage. And today, in the United Kingdom, five individuals have been charged in connection with hostile state activity to benefit Russia", Stoltenberg said then.

In the second statement on 3 May it was pointed out that responsibility for malicious cyber activities in Germany and Czechia had been attributed “to the threat actor APT28”—a Russian cyber espionage group, which is said to be responsible for dozens of cyberattacks globally in recent years—which the statement said is sponsored by the Russian General Staff Main Intelligence Directorate (GRU). APT28 was also accused of targeting other national governmental entities, critical infrastructure operators and other entities in Lithuania, Poland, Slovakia and Sweden. The EU issued a similar statement the same day.

The statement concluded by stating that NATO promotes “a free, open, peaceful and secure cyberspace” and called on all states, including Russia, “to respect their international obligations and commitments to uphold international law and act within the framework for responsible state behavior in cyberspace as affirmed by all members of the United Nations”.

The German Foreign Minister, Annalena Baerbock, said “we can attribute this cyber-attack to a group called APT28, which is steered by the military intelligence service of Russia”. She added that “this is absolutely intolerable and unacceptable and will have consequences”, while the Czech Foreign Ministry said “the mode of operation and the focus of these attacks matched the profile of the actor APT28.

A spokeswoman for Russia's Foreign Ministry, Maria Zakharova, in statement reported by Reuters on 4 May, dismissed the accusations by NATO and said this was "misinformation" aimed at distracting people from the alliance's own activities. She added that it was NATO that had waged a hybrid war with Russia by supporting Ukraine with arms, intelligence and finances. She also cited NATO's four-month long military exercises near Russia's borders, known as Steadfast Defender, as proof the alliance is preparing for a potential conflict with Russia.  Announcing the start of Steadfast Defender in January, NATO said 90,000 troops would take part, rehearsing how US troops could reinforce European allies in countries bordering Russia and on the alliance's eastern flank if a conflict were to flare up. The exercises, NATO's largest since the Cold War, are due to finish at the end of May.

While the evidence of Russian government sponsorship of APT28 is convincing and alarming, it should also be noted that liberal democracies, including within NATO, have a long history of peddling disinformation and currently engage in digital deception campaigns. A 2020 study identified at least 12 NATO member states as using social media to spread computational propaganda and disinformation, while two (the UK and USA) were shown to have high “cyber troop” (government or political party actors tasked with manipulating public opinion online) capacity. Such activities appear to be connected to US special forces and intelligence agencies, and are being linked to private sector initiatives using artificial intelligence.