The expanding scope of Russian hybrid warfare - evolution in the cyber and disinformation domains

Well-known Russian-linked hacking groups, such as APT28 (Fancy Bear), which is widely reported to have ties to Russian intelligence services, conduct sophisticated campaigns that can result in the theft of confidential data and the degradation of vital IT infrastructure. One example cited in recent reporting was a campaign directed at Polish government institutions in May 2024, in which the group deployed malware and used advanced social-engineering techniques to gain access to sensitive files and potentially interfere with information systems.

Udermine democratic processes

Attacks on electoral systems are particularly alarming because their objective is to undermine democratic processes and distort outcomes. Russian actors have sought access to voter databases, tampered with vote-counting systems or executed breaches intended to leak election-related secrets, all tactics that can damage public confidence in electoral institutions and inflame social tensions. In the run-up to the 2024 European Parliament elections, Moscow-aligned disinformation campaigns reportedly aimed to bolster extreme, Eurosceptic and anti-Ukrainian factions, with the effect of potentially skewing results and fomenting political instability within the European Union. 

These operations are enabled by increasingly capable tools. Russia has developed and deployed a range of disruptive cyber capabilities: from ransomware to distributed-denial-of-service (DDoS) attacks that can render systems inaccessible, to bespoke malware that provides unauthorised access and persistent control over networks. 

Media outlets and non-governmental organisations have also been frequent targets. Such attacks are rarely limited to data theft; they seek to spread falsehoods, sow confusion in the public sphere and erode trust in independent journalism. Tactics have included intrusions into editorial systems to alter or erase content, and the publication of fabricated stories. In January 2022, for example, numerous Ukrainian government agencies and NGOs were struck by the WhisperGate malware, which masqueraded as ransomware and caused significant operational disruption.

On 31st May 2023 the website of the Polish Press Agency was compromised and used to post false information claiming that the government intended a general mobilisation. It was a clear attempt to provoke panic and spread disinformation.In March 2023 attackers also targeted Ukraine’s civil-registry and property databases, as well as the register of legal persons and sole traders, deleting in excess of a billion rows of data, some of which were stored in Poland. 

There have been other worrying incidents in the region: in 2022 a spate of cyber-attacks directed at Czech rail infrastructure was reported from the east. While not all these incidents have been definitively attributed to Russian services, they nevertheless illustrate the growing threat posed by cybercriminals acting on behalf of, or with the backing of, a hostile state.

Cyber-attacks can completely block access to media websites and even seize control of newsroom IT systems, severely limiting their ability to inform the public.

Aim: erode trust in international institutions

For years, Russia has conducted wide-ranging information operations that are a core component of its hybrid strategy. These efforts are aimed not only at political destabilisation but also at undermining citizens« trust in democratic institutions and Western alliances such as NATO and the European Union. Within this strategy, the Kremlin employs a diverse toolkit, including an extensive network of propaganda channels such as Russia Today and Sputnik, as well as hundreds or even thousands of fake social-media accounts. The aim is not merely to manipulate public opinion in Central and Eastern European countries but also to foster internal instability, weaken national cohesion, and strengthen pro-Russian and anti-Western sentiment.

The primary objective of Russian disinformation in the region is to erode trust in international institutions, particularly NATO and the European Union, which are essential for the political stability and security of Central and Eastern European states. The Kremlin seeks to advance a narrative suggesting that these alliances are incapable of effectively defending their members against external threats, most notably potential aggression from Russia. 

Russian accounts on Telegram have circulated false claims asserting that NATO Secretary-General Mark Rutte threatened to „exclude the United States from the alliance if Donald Trump were to hand Ukraine to Russia.” In reality, Rutte never made such statements and affirmed his readiness to cooperate with a new US president. The intent of this disinformation is to undermine NATO unity and sow doubts regarding the United States« commitment to the alliance.  

In addition, Russia effectively exploits disinformation to create and deepen social divisions within Central and Eastern European states. Of particular concern are campaigns targeting refugees and migrants, designed to heighten anti-refugee sentiment. By portraying migrants as a threat to public order, these narratives seek to incite internal tensions and foster the growth of radical, anti-democratic attitudes in regional states. Such narratives remain especially dangerous amid Europe’s ongoing refugee crisis and growing migration pressures.  

Exacerbation of national and historical disputes

Another important element of Russia’s information operations is the exacerbation of national and historical disputes, which continue to influence the political reality of Central and Eastern Europe. In a region with a long history of ethnic and political conflicts, Russia seeks to exploit existing tensions to deepen divisions between states.  In response to these threats, Central and Eastern European countries have taken extensive measures to strengthen information resilience. States in the region are intensifying cooperation with the European Union in the fields of security and defence.

In March 2022, the EU adopted the Strategic Compass, aimed at reinforcing the Union’s security and defence posture through 2030. The document highlights the importance of enhancing cyber-resilience and optimising incident-response capabilities across both the public and private sectors. Countries in the region are developing and updating national defence and military strategies to account for new threats, including cyber-attacks and disinformation. Poland, for example, in 2024 adopted recommendations for its National Security Strategy, focusing on the development of defence and military strategies and the principles governing their implementation. 

In March 2023, broadcasters from Poland, Lithuania, Latvia, Ukraine, and Romania signed a declaration pledging mutual cooperation in combating disinformation. This initiative aims to facilitate information sharing and joint actions to counter disinformation narratives. Their responsibilities include closely monitoring media, including outlets financed or supported by third states that may be used to propagate pro-Russian messaging. These measures also involve intensive collaboration with the private sector, including technology companies, to better identify and neutralise disinformation campaigns in the digital space.  

Cooperation with NATO and the European Union plays a fundamental role in this process. These countries often operate within joint strategies, sharing experiences and best practices while engaging in initiatives to strengthen collective resilience against information manipulation.  One example is NATO’s Centre of Excellence for Strategic Communications in Riga, established to support member states in building capabilities to counter disinformation. The Centre conducts research into disinformation techniques, analysing mechanisms employed by external actors to spread false information and assisting Alliance members in developing effective countermeasures.

Collaboration with the European Union represents another key element in building regional resilience to information threats. Through initiatives such as the European External Action Service (EEAS) and the European Centre for Countering Disinformation, the EU supports member states in monitoring and analysing disinformation campaigns, particularly those directed against the Union and its institutions. Brussels also contributes to the creation of information-verification tools, enabling faster detection and neutralisation of false narratives in the public domain.