Cyber threats as hybrid activity against the European Union in light of the current geopolitical situation
Choose format
RIS BIB ENDNOTEPublication date: 07.05.2025
Terrorism – studies, analyses, prevention, 2025, Special Issue, pp. 225-248
https://doi.org/10.4467/27204383TER.25.021.21524Authors
Cyber threats as hybrid activity against the European Union in light of the current geopolitical situation
The article presents analysis of cyber threats as a manifestation of the hybrid threats facing Europe. The author analysed reports from European Union and NATO countries in terms of how the identified threats are presented by intelligence services, governments and national CERTs (Computer Emergency Response Teams) and CSIRTs (Computer Security Incident Response Teams). She also discussed the categorisation of cyber threats based on their source of origin and their purpose, including state-sponsored, hacktivist and cybercriminal groups. She pointed to the increasing frequency of cyber attacks, especially those conducted from Russia and China, and discussed their impact on the critical infrastructure and political stability of states. She presented the changing landscape of cyber threats in Europe, gave examples of cyber attacks and described the methods of reporting these incidents adopted in Denmark, Germany, Estonia, Lithuania, Latvia and Poland.
Fukuyama F., Zaufanie. Kapitał społeczny a droga do dobrobytu (Eng. Trust. The social virtues and the creation of prosperity), Warszawa 1997.
Jordan T., Taylor P., Hacktivism and Cyberwars. Rebels with a cause?, London 2004.
Kose J., Cyber Warfare: An Era of Nation-State Actors and Global Corporate Espionage, “ISSA Journal” 2021, vol. 19, no. 4, pp. 12–15.
Kuehl D.T., Information Operations, Information Warfare, and Computer Network Attack: Their Relationship to National Security in the Information Age, “International Law Studies” 2022, vol. 76, pp. 35–58. 244
Lin H., Kerr J., On Cyber-Enabled Information/Influence Warfare and Manipulation, in: The Oxford Handbook of Cyber Security, P. Cornish (ed.), Oxford University Press 2021, pp. 251–272. https://doi.org/10.1093/oxfordhb/9780198800682.013.15.
McIntosh T. et al., Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration, “ACM Computing Surveys” 2024, vol. 57, no. 1. https://doi.org/10.1145/3691340.
Vićić J., Harknett R., Identification-imitation-amplification: understanding divisive influence campaigns through cyberspace, “Intelligence and National Security” 2024, vol. 39, no. 5, pp. 897–914. https://doi.org/10.1080/02684527.2023.2300933.
Antoniuk D., Latvia’s cyberspace faces new challenges amid war in Ukraine, The Record, 28.10.2022, https://therecord.media/latvias-cyberspace-faces-new-challenges-amid-war-in-ukraine [accessed: 19.03.2025].
Ataki hakerskie na RP operacją rosyjskich służb (Eng. Hacker attacks in the Republic of Poland as an operation of Russian services), Serwis Rzeczypospolitej Polskiej, 20.07.2022, https://www.gov.pl/web/sluzby-specjalne/ataki-hakerskie-na-rp-operacja-rosyjskich-sluzb [accessed: 19.03.2025].
Brief summary 2023 Report on the Protection of the Constitution (Facts and Trends), Bundesamt für Verfassungsschutz, https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/reports-on-the-protection-of-the-constitution/2024-06-brief-summary-2023-report-on-the-protection-of-the-constitution.pdf [accessed: 19.03.2025].
China’s propaganda offensive, 17.02.2023, https://www.gov.pl/web/special-services/Chinas-propaganda-offensive [accessed: 19.03.2025].
Cordesman A.H., China’s Emergence as a Superpower, Center for Strategic & International Studies, 15.08.2023, https://www.csis.org/analysis/chinas-emergence-superpower [accessed: 19.03.2025].
Countering hybrid threats, NATO, 7.05.2024, https://www.nato.int/cps/en/natohq/topics_156338.htm [accessed: 19.03.2025].
Cyber attacks against European energy & utility companies, EnergiCERT, September 2022, https://sektorcert.dk/wp-content/uploads/2022/09/Attacks-against-European-energy-and-utility-companies-2020-09-05-v3.pdf [accessed: 8.04.2025].
Cyber attacks traced to Russian military intelligence agency, Federal Ministry of the Interior and Community, 3.05.2024, https://www.bmi.bund.de/SharedDocs/kurzmeldungen/EN/2024/05/schutzmassnahmen-cyberangriffe-en.html [accessed: 19.03.2025].
Cybercrime, European Commission, 31.10.2024, https://home-affairs.ec.europa.eu/policies/internal-security/cybercrime_en [accessed: 19.03.2025].
Cybersecurity of Critical Sectors – Energy, ENISA, https://www.enisa.europa.eu/topics/cybersecurity-of-critical-sectors/energy [accessed: 8.04.2025].
Fake PAP report looks like cyberattack, says gov’t official, Polska Agencja Prasowa, 31.05.2024, https://www.pap.pl/en/news/fake-pap-report-looks-cyberattack-says-govt-official [accessed: 19.03.2025].
Frequently asked questions on hybrid threats, Hybrid CoE, https://www.hybridcoe.fi/hybrid-threats-as-a-phenomenon/ [accessed: 19.03.2025].
Greenberg A., A Brief History of Russian Hackers’ Evolving False Flags, Wired, 21.10.2019, https://www.wired.com/story/russian-hackers-false-flags-iran-fancy-bear/ [accessed: 19.03.2025].
Heightened security situation in Germany, Federal Ministry of the Interior and Community, https://www.bmi.bund.de/SharedDocs/schwerpunkte/EN/ukrain/security_meldung.html [accessed: 19.03.2025].
Intelligence Outlook 2024, Danish Defence Intelligence Service, 22.01.2025, https://www.fe-ddis.dk/en/produkter/Risk_assessment/riskassessment/Intelligenceoutlook2024/ [accessed: 19.03.2025].
Jones S.G., Russia’s Shadow War Against the West, Center for Strategic & International Studies, 18.03.2025, https://www.csis.org/analysis/russias-shadow-war-against-west [accessed: 19.03.2025].
Latvia mulls tightening security after recent TV propaganda hacks, LSM+, 20.05.2024, https://eng.lsm.lv/article/society/crime/20.05.2024-latvia-mulls-tightening-security-after-recent-tv-propaganda-hacks.a554618/ [accessed: 19.03.2025].
Lithuania supports the EU declaration condemning Ghostwriter malicious cyber activities and calls to use more political tools, Ministry of National Defence of the Republic of Lithuania, 23.09.2021, https://kam.lt/en/lithuania-supports-the-eu-declaration-condemning-ghostwriter-malicious-cyber-activities-and-calls-to-use-more-political-tools/ [accessed: 8.04.2025].246
Mandiant Intelligence, GhostWriter Update: Cyber Espionage Group UNC1151 Likely Conducts GhostWriter Influence Activity, Mandiant, 28.04.2021, https://services.google.com/fh/files/misc/ghostwriter_update_report.pdf [accessed: 19.03.2025].
Mandiant Intelligence, Hacktivists Collaborate with GRU-sponsored APT28, Mandiant, 23.09.2022, https://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minions [accessed: 19.03.2025].
Microsoft Digital Defense Report 2024, The foundations and new frontiers of cybersecurity, https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024 [accessed: 19.03.2025].
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies, U.S. Department of Justice, 7.09.2023, https://www.justice.gov/archives/opa/pr/multiple-foreign-nationals-charged-connection-trickbot-malware-and-conti-ransomware [accessed: 19.03.2025].
Raud M., China and Cyber: Attitudes, Strategies, Organization, NATO Cooperative Cyber Defence Centre of Excellence, Tallinn 2016, https://ccdcoe.org/uploads/2018/10/CS_organisation_CHINA_092016_FINAL.pdf [accessed: 19.03.2025].
Roncone G. et al., APT44: Unearthing Sandworm, Mandiant, 17.04.2024, https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf [accessed: 19.03.2025].
Russian cyberattacks, Serwis Rzeczypospolitej Polskiej, 30.12.2022, https://www.gov.pl/web/special-services/russian-cyberattacks [accessed: 19.03.2025].
Russian National Charged with Ransomware Attacks Against Critical Infrastructure, U.S. Department of Justice, 16.05.2023, https://www.justice.gov/archives/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure [accessed: 19.03.2025].
Sancho D., Understanding Hacktivists. The Overlap of Ideology and Cybercrime, Trend Micro, 4.02.2025, https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/understanding-hacktivists-the-overlap-of-ideology-and-cybercrime [accessed: 19.03.2025].
Sejm uznał Rosję za państwo wspierające terroryzm (Eng. The Sejm recognised Russia as a state supporting terrorism), Sejm of the Republic of Poland, 14.12.2022, https://www.sejm.gov.pl/sejm9.nsf/komunikat.xsp?documentId=4774505381CECC10C1258918007022FA [accessed: 8.04.2025].247
Thales Cyber Threat Intelligence, From Ukraine to the whole of Europe: cyber conflict reaches a turning point, Thales, 29.03.2023, https://www.thalesgroup.com/en/worldwide/security/press_release/ukraine-whole-europecyber-conflict-reaches-turning-point [accessed: 8.04.2025].
The attack against Danish, critical infrastructure, SektorCERT, November 2023, https://sektorcert.dk/wp-content/uploads/2023/11/SektorCERT-The-attack-against-Danish-critical-infrastructure-TLP-CLEAR.pdf [accessed: 19.03.2025].
What is data exfiltration?, IBM, https://www.ibm.com/think/topics/data-exfiltration [accessed: 19.03.2025].
Wolert R., RaaS group profile Hunters International, CERT Orange, 28.10.2024, https://cert.orange.pl/wp-content/uploads/2024/11/CERTOPL_CTI_Hunters_International_en.pdf [accessed: 19.03.2025].
2024 Annual Report, Republic of Latvia Constitution Protection Bureau, https://www.sab.gov.lv/files/uploads/2025/02/SAB-gada-parskats_2024_ENG.pdf [accessed: 19.03.2025].
Annual Report on the activities of Latvian State Security Service (VDD) in 2022, https://vdd.gov.lv/uploads/materials/33/en/annual-report-2022.pdf [accessed: 19.03.2025].
Annual Report on the activities of Latvian State Security Service (VDD) in 2023, https://vdd.gov.lv/uploads/materials/37/en/annual-report-2023.pdf [accessed: 19.03.2025].
Annual report on the activities of Latvian State Security Service (VDD) in 2024, https://vdd.gov.lv/uploads/materials/40/en/annual-report-2024.pdf [accessed: 19.03.2025].
Annual review 2022–2023, Estonian Internal Security Service, https://kapo.ee/sites/default/files/content_page_attachments/Annual%20Review%202022-23_0.pdf [accessed: 19.03.2025].
Annual review 2023–2024, Estonian Internal Security Service, https://kapo.ee/sites/default/files/content_page_attachments/annual-review-2023-2024.pdf [accessed: 19.03.2025].
China’s Military Strategy, Ministry of National Defence of the People’s Republic of China, 23.06.2021, http://eng.mod.gov.cn/xb/Publications/WhitePapers/4887928.html [accessed: 19.03.2025].248
Cyber Security in Estonia 2023, Republic of Estonia Information System Authority, https://www.ria.ee/sites/default/files/documents/2023-02/Cyber-Security-in-Estonia-2023.pdf [accessed: 19.03.2025].
Cyber security in Estonia 2025, Republic of Estonia Information System Authority, https://www.ria.ee/en/cyber-security-estonia-2025 [accessed: 19.03.2025].
Latvian Cybersecurity and CERT.LV Technical Activities Annual Report 2023, 26.07.2024, https://cert.lv/uploads/eng/Annual_Report_CERT-LV_2023.pdf [accessed: 19.03.2025].
National Threat Assessment 2023, https://kam.lt/wp-content/uploads/2023/03/Assessment-of-Threats-to-National-Security-2022-published-2023.pdf [accessed: 19.03.2025].
National Threat Assessment 2024, https://www.vsd.lt/wp-content/uploads/2024/03/GR-2024-02-15-EN-1.pdf [accessed: 19.03.2025].
Report on the state of Poland’s cybersecurity in 2023, CSIRT GOV, https://csirt.gov.pl/download/3/220/RaportostaniebezpieczenstwacyberprzestrzeniRPw2023.pdf [accessed: 19.03.2025].
Report on the state of Poland’s cybersecurity in 2024, in press.
Sprawozdanie Pełnomocnika Rządu do spraw Cyberbezpieczeństwa za 2023 rok (Eng. Report of the Government Plenipotentiary for Cyber Security for 2023), Ministerstwo Cyfryzacji (Eng. Ministry of Digital Affairs), 11.04.2024, https://www.gov. pl/web/cyfryzacja/krajobraz-cyberprzestrzeni [accessed: 8.04.2025].
Threat assessment: the cyber Threat against Denmark 2024, Centre for Cyber Security, September 2024, https://www.cfcs.dk/link/472c3cc8872446e59fa59eaf0f7ad945.aspx [accessed: 19.03.2025].
Joint Communication to the European Parliament and the Council. Joint Framework on countering hybrid threats a European Union response, Brussels, 6.04.2016, JOIN(2016) 18 final, https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:52016JC0018 [accessed: 19.03.2025].
Information: Terrorism – studies, analyses, prevention, 2025, Special Issue, pp. 225-248
Article type: Original article
The Internal Security Agency
Published at: 07.05.2025
Article status: Open
Licence: CC-BY-NC-SA 4.0
Percentage share of authors:
Article corrections:
-Publication languages:
EnglishView count: 2931
Number of downloads: 1704