Case Studies

During Romania’s 2024 presidential election period (November–December 2024), Romanian authorities identified a large-scale interference campaign targeting government institutions, election infrastructure and the online information environment.

In late 2024, the Chinese-flagged cargo vessel Yi Peng 3 was linked to the damage of critical subsea telecommunications cables in the Baltic Sea, disrupting connectivity between several Northern European states.

On the night of Saturday, 16 November 2025, an explosion was heard on the Warsaw-Lublin rail line, crucial for delivering aid to Ukraine. The next morning the damage was detected by a train driver, forced to make an emergency stop.

A few hours before its invasion of Ukraine, on 24 February 2022, Russia launched a cyberattack against ViaSat, an American Satellite broadband company which supplies military and commercial markets, exploiting a weakness in the cyber infrastructure of an Italian partner company.

In late 2020, it was revealed that hackers had inserted malicious code into software updates for SolarWinds Orion, a widely used IT network monitoring platform trusted by thousands of organisations, including US federal agencies, Fortune 500 companies, and critical infrastructure operators.

In early 2025, the Russian naval research vessel Yantar was tracked by UK and allied intelligence services operating in waters around the British Isles, conducting suspected reconnaissance of subsea critical infrastructure, including undersea communications cables and offshore energy pipelines.

On 25 August 2023, Poland’s railway network was disrupted by unauthorised radio broadcasts of the railway emergency stop signal. Attackers transmitted the 150.100 megahertz frequency signal over railway radio frequencies, which automatically triggers emergency braking on trains, spoofing a legacy system without authentication or encryption using inexpensive radio equipment.

In July 2024, multiple parcel bombs detonated at warehouse and logistics hubs in Poland, Germany and the UK.  The attacks were co-ordinated by invidivuals linked to Russian military intelligence services.

In June 2017, a cyberattack known as NotPetya swept across global networks, initially targeting Ukrainian organisations before spreading worldwide. Masquerading as ransomware, NotPetya was a wiper, designed not to extort money but to destroy data and cripple systems.

In August 2020, Norway's parliament (Stortinget) suffered a major cyberattack on its internal email system. The breach compromised email accounts of several MPs and staff, allowing data exfiltration.

On 12 December 2023, Kyivstar, Ukraine’s largest communications provider, serving over 24 million mobile phones, was targeted by a Russian cyberattack. Russian hackers had infiltrated Kyivstar’s system in March, months before the attack.

On Christmas Day 2024, the Estlink 2 high-voltage direct current (HVDC) power cable connecting Estonia and Finland had an ‘unplanned failure’, cutting approximately 658 MW of electricity transmission capacity between the Baltic states and the Nordic grid.

Tureby-Alkestrup Vandværk is a local, cooperative water utility providing potable water to residential areas near Køge, southwest of Copenhagen, Denmark, relying on pumps and control systems for distribution. In December 2024, a cyberattack targeted the utility and remotely manipulated pump pressure in the operational technology (OT) systems, causing multiple pipe bursts and temporary water outages affecting hundreds of households for up to seven hours.

In May 2024, a wave of arson attacks targeted commercial sites in Europe. Key incidents included a fire at an IKEA store in Vilnius (Lithuania) and a devastating fire at Marywilska 44 shopping centre in Warsaw (Poland).