Since the start of Russia’s war on Ukraine, there has been a significant increase in the intensity of hybrid attacks targeting Ukraine’s allies. From the Baltic States to Germany, Russian hacker groups, such as APT28, often linked to or directly supervised by officers from the GRU, Russia’s military intelligence service, are attempting to destabilize supporting nations by attacking governmental websites and servers through DDoS attacks, massive disinformation campaigns, or waves of emails warning of bomb threats in schools, for example.
The cyberattacks, which have also targeted Germany's Social Democrats party and various sectors including logistics, defense, and IT, began two years ago. APT28 has also exploited a vulnerability in Microsoft Outlook to meddle with several countries, including the Czech Republic, Lithuania, Poland, Slovakia, and Sweden.
On May 8, Numerous institutions across Slovakia, including schools, banks, and electronic retailers, received bomb threats via email, with over 1,300 threats reported in schools alone. The warnings, sent from an unnamed sender praising Islam, prompted Slovakia’s National Crime Agency to initiate a terrorism investigation. Over 120 schools in Bratislava, Slovakia’s capital, received similar messages originating with a Russian email address that mentioned explosives in lorries.
Poland’s ‘cyber cold war’
Poland is, according to Krzysztof Gawkowski, the Polish digitalization minister, in a state of “cyber cold war” with Russia and faces “an improbable arms race” in cybersecurity.
Poland expressed its full solidarity with Germany and the Czech Republic following the May cyberattacks, condemning the cyber campaigns. It also stressed the need for responsible behavior in cyberspace and urged all states, including Russia, to adhere to the “principles of responsible behavior in cyberspace.” Additionally, Poland reaffirmed its commitment to protect the country’s critical infrastructure while strengthening cyber defenses.
Gawkowski also pointed to the rapid growth in the number of cyberattacks affecting Poland, which, according to the minister, increased by 100% between 2022 and 2023.
He added that these attacks have been directed not only from Russia and Belarus but also from countries supporting Russia.
In April, a cyberattack in Latvia disrupted the satellite signal of a channel scheduled to broadcast the Ukrainian station FREEDOM, replacing it with Russian propaganda content.
Initially, a message citing technical issues appeared on the channel, but that was soon followed by banned Russian songs and propaganda material. The incident, which lasted several minutes, was confirmed as a hacking attack by the Latvian cybersecurity agency Cert.lv. The agency said that a satellite signal managed by a French company was disrupted.
Estonia
Throughout recent months, Estonia has experienced the largest wave of DDoS attacks in its history, targeting numerous government websites.
Pro-Kremlin hackers claimed responsibility for the attacks. Despite the severity of the attacks, a rapid response by the Estonian authorities managed to minimize their impact.
Romania
During late April and early May 2022, amid the 2022 Russian invasion of Ukraine, several Romanian government, military, banking, and media websites experienced disruption owing to a string of DDoS attacks.
These attacks were attributed to the pro-Kremlin hacking group known as Killnet. The group claimed that these cyberattacks were in response to a statement made by then-Senate President Florin Cîțu, indicating Romania’s intention to provide military equipment to Ukraine.