top of page

Russian Arson Campaign in Europe

In May 2024, a wave of arson attacks targeted commercial sites in Europe. Key incidents included a fire at an IKEA store in Vilnius (Lithuania) and a devastating fire at Marywilska 44 shopping centre in Warsaw (Poland). These were part of a broader GRU-orchestrated sabotage campaign using recruited proxies to disrupt economies and sow fear in NATO/EU states supporting Ukraine.


Incident

On 9 May, an incendiary device with a timer ignited early morning at the IKEA store in Vilnius, causing a fire in the warehouse section. Staff and firefighters quickly extinguished it, limiting damage. Lithuanian investigations revealed recruitment via Telegram for payment (around EUR 10,000 and a BMW car) to set fires at retail sites in Lithuania and Latvia.


Just three days later, on 12 May, Marywilska 44 - one of Warsaw's largest shopping centres, with over 1,400 shops - was destroyed by arson. Perpetrators used coordinated arson methods, leading to total loss of the facility.


Impact

The Vilnius IKEA fire caused minimal structural damage. The Warsaw fire resulted in enormous economic loss (thousands of businesses ruined), displaced traders, and required extensive rebuilding. No fatalities occurred in either, but both disrupted local economies, raised public anxiety, and strained emergency services. These incidents exemplify how hybrid attacks on civilian infrastructure can deliver maximum disruption at minimal cost.


Attribution

Lithuanian prosecutors attributed the IKEA arson to Russia's GRU military intelligence in March 2025, classifying it as terrorism; a Ukrainian teen was convicted in November 2025. Polish investigations, concluding in May 2025, confirmed Russian special services ordered the Marywilska arson, coordinated from Russia via Telegram-recruited agents. Officials linked them to a GRU network using disposable proxies motivated by money, as part of retaliation against Ukraine support. Russia denied involvement.


Lessons

These incidents highlight the importance of resilience in civilian and commercial infrastructure against hybrid sabotage. Key lessons include diversifying and enhancing security, as well as building economic resilience for affected businesses (such as insurance and rapid recovery funds). Private sector partnerships can also strengthen overall societal resilience, reducing the disruptive impact of deniable, low-tech operations aimed at eroding public confidence and economic stability.


bottom of page