Russia continues to engage in sabotage, information operations, and cyberattack preparations targeting industrial control systems (ICS) in Latvia and other Western nations. These actions, identified by the Latvian Constitution Protection Bureau (SAB) in its 2025 annual report, are intended to create uncertainty, disrupt services, retaliate against support for Ukraine, and discourage future assistance.
Rising Cyber Threats in Europe
The SAB report warns of significantly increasing security risks posed by Russia across Europe, noting a sustained high number of sabotage and cyber incidents. According to the report, Russia remains the primary cyber threat to Latvia, driven by its broader strategic goals and Latvia’s support for Ukraine’s defense efforts.
While the overall number of registered cyber threats reached an all-time high in 2025, a severalfold increase since Russia’s 2022 invasion of Ukraine, most incidents involved cybercrime and digital fraud, posing limited risk to critical infrastructure. However, the SAB highlights a growing concern regarding threats to operational technology (OT) environments, which control essential services like energy, water, and transportation.
Vulnerabilities in Operational Technology
OT systems, increasingly managed remotely, often lack adequate cybersecurity measures, creating opportunities for malicious actors to gain access and disrupt vital services. ENISA reported that 18.2 percent of cyberattacks in Europe now target operational technologies. Russian hacktivists, the SAB notes, have demonstrated the capability to attack ICS in Latvia and elsewhere, aiming to cause disruption and sow discord.
Recent incidents illustrate this threat. In April, a cyberattack in Norway exploited a weak password to manipulate a dam’s water flow. In August, Russian hacktivists successfully shut down a hydroelectric power plant in Gdansk by remotely accessing and altering control systems. So far, Latvian vulnerabilities have been identified through monitoring, and no significant incidents endangering critical infrastructure have been recorded.
The report also details ongoing Distributed Denial of Service (DDoS) attacks against Latvian government, municipal, and critical infrastructure entities. These attacks, often timed to coincide with significant dates or political announcements, aim to disrupt services and undermine public trust. A large DDoS attack occurred last July following a Latvian company’s win in an international drone procurement competition.
Frequently Asked Questions
What is the primary cyber threat to Latvia, according to the SAB report?
According to the SAB report, Russia continues to pose the main cyber threat to Latvia due to its strategic goals and Latvia’s support for Ukraine.
What are operational technologies and why are they a growing concern?
Operational technologies are the equipment and software used to control physical processes and infrastructure, such as energy, water, and transport. They are a growing concern because they often lack sufficient cybersecurity and are vulnerable to disruption.
Have any significant cyber incidents impacted Latvian critical infrastructure?
The SAB reported that significant incidents endangering critical infrastructure and vital services have not been registered in Latvia as of 2025, though vulnerabilities have been identified through monitoring.
Given the evolving threat landscape, will Latvia and other Western nations be able to effectively defend against increasingly sophisticated cyberattacks targeting critical infrastructure?
