Over the past five years, the nature of cyber warfare in Europe has undergone a fundamental transformation. Before 2022, cyberattacks in the EU were primarily associated with criminal extortion, industrial espionage, and occasional state-sponsored operations. Since Russia’s full-scale invasion of Ukraine, they have become an integral part of hybrid warfare — a coordinated campaign to undermine stability, economies, and public trust.
Today, cyberspace is not a separate domain but an integrated instrument, closely intertwined with disinformation, sabotage of critical infrastructure, migration pressure, and election interference. The European Union has faced what can be described as a perfect storm: a surge in attacks, growing sophistication, and an increasingly systemic character.
Before 2022, ransomware groups — often of Russian origin but financially motivated — dominated the landscape. After February 2022, a significant increase was observed in operations linked to state structures, primarily Russia and its proxy allies, as well as China, which focuses on long-term espionage and supply chain attacks.
Attacks have become more targeted: against energy infrastructure, transport, healthcare, and government systems. Examples include DDoS attacks on the Baltic states, attempts to disrupt wind farms in Germany, and incidents involving airports.
Cyberattacks no longer exist in isolation. Russian operations are increasingly structured as complex hybrid campaigns in which cyber strikes on critical infrastructure are organically combined with other tools of pressure. Within a single coordinated operation, DDoS attacks and malware are deployed against energy facilities, transport systems, and government institutions.
In parallel, large-scale information operations unfold — foreign information manipulation and interference involving mass disinformation, the creation and promotion of deepfake videos, and targeted influence on public opinion via social media. Simultaneously with digital attacks, physical acts of sabotage are carried out: arson targeting infrastructure, railway damage, and other disruptive actions.
This multi-layered approach produces a synergistic effect: a cyberattack disrupts systems, disinformation amplifies panic and distrust of authorities, and physical sabotage compounds the material damage while creating a sense of total instability. This allows aggressors to remain below the threshold of armed conflict — avoiding a direct Article 5 NATO response — while still inflicting significant harm.
Supply chain attacks have become a standard instrument of modern cyber operations. State and proxy actors increasingly penetrate target systems not directly, but by compromising trusted software and service providers — as seen in incidents analogous to the large-scale SolarWinds campaign. This approach allows multiple organizations, including those in critical EU sectors, to be compromised simultaneously while remaining undetected for extended periods.
The role of artificial intelligence has grown considerably. AI is actively used to automate attacks, rapidly generate malware, craft convincing phishing campaigns, and produce fabricated content. This dramatically lowers the barrier to entry for malicious actors and increases the speed and scale of operations.
A distinct focus area is targeted influence on electoral processes and public opinion in key EU member states. Cyber operations are combined with information campaigns in which deepfakes, fake accounts, and algorithmic amplification are used to discredit politicians, stoke polarization, and erode trust in democratic institutions.
According to EuRepoC and ENISA, hundreds of significant cyber operations against European targets were recorded in 2025. While EuRepoC noted a slight decline in the number of unique operations compared to 2024 (179 versus 211), the number of affected targets increased, indicating a growing cumulative and spillover effect. ENISA’s 2025 Threat Landscape report analyzed nearly 4,900 incidents for the period from July 2024 to June 2025, registering a marked increase in the complexity and combined nature of threats.
Despite the concerns raised at the start of 2022, a full-scale cyberwar against the entire European Union did not materialize. However, large-scale attacks on Ukraine continue to produce significant spillover effects on Europe. Tools and tactics tested by Russian groups on Ukrainian systems are frequently trialed or inadvertently affect European networks, resulting in outages, data breaches, and the gradual refinement of malware and infiltration methods.
The European Union has responded to this new reality in a systemic — if characteristically bureaucratic — manner. In recent years, Brussels has shifted from a predominantly reactive posture toward building strategic resilience in cyberspace. The Strategic Compass, adopted in March 2022 alongside a hybrid threats toolbox, laid the groundwork for a more coordinated response. These documents were the first to clearly identify cyber threats as a priority for the EU’s collective security. In November 2022, the EU Cyber Defence Policy was introduced and subsequently adopted, strengthening the military dimension of cyber defence — including the development of joint capabilities, exercises, and coordination between military and civilian structures.
The NIS2 Directive played a pivotal role, substantially expanding the obligations of critical infrastructure operators and covering a far broader range of economic sectors. In January 2026, the European Commission proposed targeted amendments to this directive and a new Cybersecurity Act introducing stricter supply chain security requirements, strengthening the role of ENISA, expanding the certification framework, and placing greater emphasis on the EU’s overall cyber resilience.
European policy today shows a clear emphasis on preventing damage by enhancing overall system resilience, as well as the first concrete steps toward developing offensive cyber capabilities — both within the EU and NATO frameworks.
In March 2026, the EU Council adopted strong conclusions explicitly condemning Russia’s ongoing hybrid campaigns and those of its proxy structures, calling on member states to make full use of all available diplomatic, sanctions-based, and operational response tools.
Despite notable progress in European cyber defence, serious challenges remain. EU member states demonstrate markedly different levels of cybersecurity maturity: while the Nordic countries and the Netherlands possess highly developed infrastructure and expertise, several Eastern European and Southern members still lag in technical capabilities and human capital.
There is also persistent dependence on foreign technology providers, including those from countries considered elevated risks. This creates serious vulnerabilities in supply chains for critical hardware and software. Additional difficulties stem from the challenges of attributing cyberattacks and insufficient political will for a firm, coordinated response — many countries prefer restraint out of fear of escalation. Finally, the rapid development of technologies, particularly quantum computing and AI, continues to outpace regulatory and technical protective measures, constantly opening new windows of vulnerability.
In the coming years, the nature of cyber warfare in Europe will likely be shaped by three key trends. First, the further deep integration of multiple domains of confrontation — cyberspace, physical sabotage, and cognitive operations targeting public consciousness. Second, an intensifying contest for technological sovereignty, including the development of Europe’s own production of critical components and software. Third, the gradual development of collective offensive cyber capabilities, both within NATO and the European Union itself.
Cyber warfare on EU territory has evolved from a tactical instrument into a strategic weapon in the hybrid confrontation between authoritarian regimes and open societies. It is no longer an “IT problem” for security specialists, but a matter of national and collective security — one that touches economies, democracies, and social cohesion.
An effective response requires not only technical resilience but also political resolve, close coordination with partners on both sides of the Atlantic, and a readiness for proactive action. The European Union is moving in the right direction, yet the pace of change in the threat landscape continues to outrun bureaucratic processes. In the digital age, Europe’s security will be determined by how quickly the Union learns not only to defend itself, but to effectively deter and respond in cyberspace.