Russian special services have intensified cyber espionage, influence campaigns, and potential sabotage operations ahead of the NATO summit scheduled for June 24–25, 2025, in The Hague, according to the research group Insikt Group. They warn of a high risk of cyberattacks, subversive activities, and disinformation spread by Russia and China targeting the alliance’s participants and the event itselfas reported by Recorded Future.
Experts report that Kremlin-sponsored cybercriminal groups have already deployed malware against individuals and organizations involved in preparing and conducting the summit. Their goal is to gather intelligence, destabilize the information environment, and undermine the alliance’s credibility. Simultaneously, Russian and Chinese influence networks aim to shape a public image of NATO as a fragmented and aggressive bloc.
Insikt Group identifies three main threat vectors: malicious influence operations, cyber espionage, and a surge in activity by cybercriminals and hacktivists. Threats come from both traditional intelligence agencies and groups operating under the cover of independent activists and mercenaries. Russia reportedly actively recruits operatives on Telegram, including people with criminal backgrounds unconnected to state structures to complicate their identification. Some of these operatives have already participated in arsons and sabotage in Poland, Lithuania, and Germany.
Darknet forums show increased activity related to NATO. Hackers discuss attacks on digital infrastructure, share data leaks, and plan cyber strikes. This heightens the risk of ideologically and financially motivated campaigns targeting NATO member states, especially in Eastern Europe.
Russian sabotage units, including GRU military units 29155, 54654, and 54777, as well as the Main Directorate of Deep-Sea Research, continue their operations in Europe, Insikt Group says. Their tasks include sabotaging critical infrastructure, collecting intelligence, influencing public opinion, and undermining trust in governments. These units are also allegedly behind damage to underwater cables, sabotage of energy facilities, and espionage activities on NATO territory.
There are also reports of ongoing “weaponized migration” policies. Analysts believe Russia uses migrant flows through Belarus as a tool to pressure Poland, Lithuania, and Finland. Such actions have already forced Helsinki and Warsaw to close their borders. These provocations are accompanied by airspace incidents and interference with GPS signals in the Baltic region, considered by military intelligence as part of a pressure plan on the alliance.
While a direct attack on the summit is unlikely, Insikt Group believes Russia will continue hybrid actions against critical infrastructure, especially if summit participants agree to increase aid to Ukraine. Poland, Germany, and the Baltic countries are considered at highest risk.
Experts note that physical security measures for the summit are unprecedented. The Netherlands has activated extensive security protocols to prevent attacks, but proactive protection does not exclude the possibility of new incidents. The nature of threats is evolving, becoming more covert and flexible, including disinformation, espionage, sabotage, and psychological pressure.
Internal disagreements within NATO further complicate the summit’s background. The US is pushing new demands for allies’ military spending, while some countries, including Hungary and Poland, show varying levels of readiness to support Ukraine. These divisions are also targeted by Russian intelligence efforts aimed at sowing discord and undermining NATO’s collective response to Kremlin aggression.
According to Insikt Group, the 2025 NATO summit occurs at a time of maximum geopolitical vulnerability for the alliance in recent years. The Russian strategy seeks to exploit this moment for large-scale pressure—in cyberspace, in the minds of citizens, and on strategic assets of the allies.
