05.03.2026.

Russia’s Gray Zone Warfare Campaign In Europe – Analysis

The head of MI5 has warned that Russia is on a mission to ‘generate sustained mayhem on British and European streets.’ He is referring to a string of high-profile sabotage and arson events that have occurred in Europe since the outbreak of the Ukraine war, ranging from the destruction of undersea cable infrastructure in the Baltic Sea to the burning down of Warsaw’s largest shopping mall, and even the petty harassment of pro-Ukraine public figures in Estonia.

When assessing the manifestations of this ‘mayhem,’ a novel modus operandi is apparent: this wave of gray zone warfare is not the work of professional intelligence agents. The real spooks are being forced to operate from Russia, having been largely expelled from their previous postings in European states. Rather, the sabotage is being done by amateurs, many of whom are recruited over social media, and some not even legal adults. And unlike the high ideology of the Cold War era, they do it for love of money, not love of motherland. These tactics adopt a fluidity well suited to the digital age, where saboteurs are recruited, trained, and paid without ever coming into contact with state agents – in fact, some of these saboteurs don’t even know what exactly they’re doing. This new paradigm allows for gray zone warfare that spans borders and continents, reducing costs and expanding recruitment potential across age, profession, and geography.

But there are drawbacks as well. The appeal of gray zone warfare has always been its deniability. Yet as the events outlined below illustrate, deniability is a casualty of the new tactical normal. With more amateur operatives being caught and disclosing the details of their recruitment process, a picture of Russian gray zone warfare has come into greater relief, and it is producing escalating policy responses from Western states. Some examples include:

  • NATO’s ‘Baltic Sentry,’ which seeks to establish an active military presence in the Baltic Sea to protect critical infrastructure from sabotage;
  • The Biden administration’s explicit warnings of severe consequences should Russian intelligence attempt to send exploding packages to North America;
  • Poland launching a €2 billion effort to establish drone defenses along its eastern border;
  • Poland’s ‘Operation Horizon,’ which will deploy approximately 10,000 troops to defend critical infrastructure and other sites.

These represent an attempt to delineate limits on gray zone warfare and create diplomatic and security consequences where before there were none. This is a process that is still in its infancy however, with both offensive and defense actors blindly navigating the uncharted territory of new technological and geopolitical realities.

BALTIC SEA UNDERSEA CABLE SABOTAGE

Modus Operandi: State organs enlist a third party that would typically operate in the target maritime space; for example, a captain of a commercial vessel. The third party then drops anchor near the target and proceeds to drag it along the seabed until the cable is severely damaged or cut outright. This tactic is particularly well suited to the Baltic Sea due to its shallow waters and critical undersea cable infrastructure (data and energy).

Upside: Undersea cable sabotage provides three advantages for the offensive party. The first is the low operating cost, which is basically the money needed to enlist the third party. The second is deniability since these gray zone operations do not directly involve any state instruments in performing the sabotage. The possibility of accidental damage to undersea cables represents another layer of deniability, one that is typically invoked by detained crews, and perhaps sincerely since accidental anchor-related damage is a common cause of undersea infrastructure destruction. Finally, damage to undersea infrastructure can create economic impacts for hostile states, costinganywhere between €5 million and €150 million to fix, with repairs taking months if not years to complete.

Downside: There is no easy answer on how to create deterring costs for gray zone cable sabotage. Overreacting risks kinetic conflict; Underreacting invites more sabotage in the future. European states like Finland and Norway have made efforts to hold individual captains and crews to account. There is also a more concerted military strategy to safeguard Baltic infrastructure. In January 2025, NATO announced the ‘Baltic Sentry’ initiative, deploying frigates, patrol aircraft, and maritime drones to monitor critical infrastructure in the area. Notably, the deployment has the power to board, impound, and arrest crews suspected of sabotage. The launch of Baltic Sentry coincided with fewer undersea cable sabotage incidents through 2025. However, there has been a rash of new outages to kick off 2026.

Notable Incidents

  • Nord Stream (September 26, 2022): An underseas explosion renders the Nord Stream natural gas pipelines linking Germany and Russia inoperable. In the immediate aftermath of the explosion, fingers are pointed at all sides. Since then, Sweden, Denmark, and Germany have conducted separate investigations into the cause. The first two ended inconclusively, while the German one alleges the possible involvement of Ukrainian divers, trained in Poland.
  • BCS East-West / C-Lion1 (November 17-18, 2024): Two undersea cables are severely damaged in less than 24 hours, with the China-flagged bulk carrier Yi Peng 3 operating in the area at the time. China allows representatives from Germany, Sweden, Finland, and Denmark to board the ship, though it refuses entry to the Swedish prosecutor leading the investigation. The ensuing report notes that the Yi Peng 3 dragged its anchor for 1.5 days across 180 nautical miles, coinciding with the time of the cable breaks. Yet in the report’s final judgement, while emphasizing that the investigation was hampered by limited access, it declares that there’s no way to conclude either deliberate sabotage or accidental anchor deployment.
  • Estlink 2 (December 25, 2024): The Estlink 2 electricity connection between Finland and Estonia goes offline, prompting the Finnish authorities to detain the 24-strong crew of the Eagle S – a tanker believed to belong to Russia’s ‘shadow fleet.’ The Eagle S has since been allowed to leave, and three crew members remain detained as the investigation continues. The Estlink 2 is expected to be back online sometime in July.
  • Latvia-Sweden Cable Damage (January 26, 2025): Latvian government announces damage to a fiber optic cable linking Latvia and Sweden. The Maltese-flagged ship Vezhen is boarded and detained by Swedish authorities before being cleared of sabotage and released in February.
  • HelsinkiTallinn Telecom Link (December 31, 2025): Finnish police seize the St. Vincent and Grenadines-flagged Fitburg cargo vessel after a telecom outage between Finland and Estonia. The seizure is later lifted and the ship allowed to depart.
  • Sventoji-Liepaja Arelion Link (January 2, 2026): Latvian police board and investigate a ship docked in Liepaja following reported damage to a Latvia-Lithuania telecom line owned by Sweden’s Arelion. No evidence of sabotage is found.

EUROPE ARSON AND ESPIONAGE

Modus Operandi: Similar to the Baltic Sea MO, state organs enlist the help of either criminal elements, ideologically aligned supporters, or desperate people to execute acts of sabotage and vandalism that fuel the perception of discord and insecurity in Western societies. As per reporting from the Guardian, recent campaigns have utilized online recruitment to source new ‘freelance’ saboteurs, resulting in less targeted and less professional operations.

 

 

 

26.03.2026.
Suspicions about the new head of the Russian Office in Pristina, REL: Ilia Uvarov appears on the list of people connected to the Russian secret service 26.03.2026.
Ukraine’s energy decentralization is a race against time—opinion 26.03.2026.
From calls to collars: How the EU is supporting wildlife tracking in Albania 26.03.2026.
Azerbaijan: EIB Global increases support for MSMEs with additional financing for Bank Respublika 25.03.2026.
Belt and Road Becomes Key Tool in China’s Push to Enforce One-China Policy 25.03.2026.
From trench to grave 25.03.2026.
EBRD boosts SME financing in Serbia with €70 million loan to NLB Komercijalna banka 25.03.2026.
Russia’s war of aggression against Ukraine: EU extends individual listings over Ukraine's territorial integrity for a further six months 24.03.2026.
Why the Russian offensive in Ukraine has slowed down sharply 24.03.2026.
EUR 12.5 million for reforming local governance and water services in BiH