Photo by Tayla Kohler on Unsplash
The North Atlantic Council says it strongly condemns Russia’s malicious cyber activities.
It says these constitute a threat to Allied security.
The council issued a statement which says, “We stand in solidarity and recognise that Estonia, France, the United Kingdom and the United States have recently attributed malicious cyber activity targeting several NATO Allies and Ukraine to Russia’s military intelligence service (GRU). We recall that in 2024, Germany and the Czech Republic individually attributed activity to APT 28, which is sponsored by the GRU. We also note with concern that the same threat actor targeted other national governmental entities, critical infrastructure operators and other entities across the Alliance, including in Romania.”
“These attributions and the continuous targeting of our critical infrastructure, with the harmful impacts caused across several sectors, illustrate the extent to which cyber and wider hybrid threats have become important tools in Russia’s ongoing campaign to destabilise NATO Allies and in Russia’s brutal and unprovoked war of aggression against Ukraine,” says the council.
It goes on, “We call on Russia to stop its destabilising cyber and hybrid activities. These activities demonstrate Russia’s disregard for the United Nations framework for responsible state behaviour in cyberspace, which Russia claims to uphold. Russia’s actions will not deter Allies’ support to Ukraine, including cyber assistance through the Tallinn Mechanism and IT capability coalition. We will continue to use the lessons learned from the war against Ukraine in countering Russian malicious cyber activity.”
The statement adds, “NATO stands for a free, open, peaceful and secure cyberspace. We call on all States, including Russia, to uphold their international obligations, also when acting in cyberspace, and to act consistently with the framework for responsible state behaviour in cyberspace as affirmed by all members of the United Nations.”
It says, “We remain united in our determination to counter, constrain, and contest Russian malicious cyber activities and are investing in our defences; including through the establishment of the NATO Integrated Cyber Defence Centre and upholding our Cyber Defence Pledge commitments as well as through the commitments made in the Hague Summit Declaration,” says the council statement.
“We are determined to employ the full range of capabilities in order to deter, defend against and counter the full spectrum of cyber threats. We will respond to these at a time and in a manner of our choosing, in accordance with international law, and in coordination with our international partners including the EU.”
Separately, the European Council, or member states, has also issued a statement.
It reads: “The European Union remains unwavering and unequivocal in its strong condemnation of the persistent malicious activities posed by Russia. These form part of broader, coordinated, and long-standing hybrid campaigns aimed at threatening and undermining the security, resilience and democratic foundations of the EU, its Member States and its partners.”
“Over the past years, we have observed a deliberate and systematic pattern of malicious behaviour attributed to Russia, including its military intelligence service, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). Russia has waged hybrid campaigns against the EU and its Member States for years, with malicious activities further escalating since the beginning of the war of aggression against Ukraine and highly likely to persist in the foreseeable future.”
It goes on, “Last year, the EU attributed cyberattacks targeting democratic institutions in Germany and Czechia to the Russia-controlled actor APT28. In 2025, France has attributed to the GRU cyberattacks targeting electoral process, media and other public and private critical entities. This clearly illustrates continuity of malicious intent and represents a blatant disregard for international law and the United Nations framework of responsible state behaviour in cyberspace.”
“Russia’s destabilising hybrid campaigns are however not limited to the cyber domain, and also include acts of sabotage, disruption of critical infrastructure, physical attacks, information manipulation and interference, and other covert or coercive actions. Recently, Romania attributed a sophisticated hybrid attack that significantly impacted its electoral process to Russia. Germany also recently attributed the information manipulation activities of the media platform “RED” to Russia. This follows earlier EU sanctions targeting the same entity. These actions from Russia demonstrate deliberate and unacceptable behaviour,” states the EU council.
The statement says, “Today, the EU stands in full solidarity with the United Kingdom as it announced new restrictive measures in response to operations led by the GRU and continues to denounce the tangible threat Russia poses to the security of the UK and its partners, including the EU. The EU has already adopted restrictive measures against three GRU units (29155, 26165 and 74455) and multiple individuals linked to the GRU. The EU reaffirms that such malicious behaviour will not undermine our resolute and continued support for Ukraine. The EU remains determined to expose and counter Russia’s hybrid activities targeting the EU and its Member States, and, alongside international partners, to support its immediate neighbourhood, particularly Ukraine and the Republic of Moldova.”
“In line with this firm and consistent stance, the EU will continue to act with determination through a strategic approach towards Russia’s hybrid threats. This ensures a proactive, coherent and sustained response, including through asymmetric and proportionate measures in line with international law. We will continue to strengthen our resilience, deepen cooperation with international partners, in particular with NATO in full respect of the agreed principles and make full use of all available means to prevent, deter, and respond effectively to Russia’s hybrid activities,” says the Council statement.
