Latvia's State Security Service has disclosed that two individuals deliberately set fire to a train and critical railway equipment in August, acting in the interests of Russia. This act of sabotage represents the latest in a series of incidents across Europe that Western officials attribute to Moscow's covert operations.
Details of the Arson Attack
The security service stated that the perpetrators ignited the train and several railway relay cabinets, which are essential boxes containing equipment to control train movements. Additionally, they filmed the attack, and this video material was subsequently sent to those who commissioned the arson. The footage was exploited for propaganda purposes to falsely claim the fires occurred in Ukraine, according to the Latvian authorities.
A Broader Pattern of Sabotage
This arson incident is one of at least 151 cases of sabotage and malign activity tracked by The Associated Press across Europe since Russia's invasion of Ukraine in February 2022. Western officials link these actions to Russia, with goals including undermining support for Ukraine, spreading fear and discord in European societies, and draining investigative resources. Russia often employs proxies for such attacks, and some perpetrators reportedly have no awareness they are working for Moscow.
Recent Incidents in Europe
In November, Polish officials asserted that Russia's intelligence services were behind several sabotage incidents on a rail line used to deliver aid to Ukraine. Earlier, in January, Polish Prime Minister Donald Tusk revealed that hackers "directly linked to the Russian services" attacked two combined heat and power plants supplying heat to nearly half a million customers, along with multiple wind and solar farms.
Further afield, Danish officials reported in December that cyberattacks carried out by Russia in 2024 on a water utility left some houses without water. Similarly, in August, Norwegian police said pro-Russian hackers remotely opened a valve in a dam, causing water to pour out. These cyberattacks highlight the vulnerability of European critical infrastructure and indicate a concerning trend of Moscow adopting a "more aggressive posture" towards countries it views as adversaries, according to Ciaran Martin, former head of the U.K.'s National Cyber Security Centre.
Cyber-Kinetic Threats
Martin explained to AP that part of this strategy involves "cyber-kinetic" activity, where hackers linked to Russia alter variables in systems to produce physical impacts, such as changing water flows. This approach underscores the evolving nature of threats posed by state-sponsored actors.
Sabotage During Major Events
Italian officials are investigating the sabotage of multiple high-speed railway lines on the first day of the Milan-Cortina Winter Olympics in February. The ANSA news agency reported that infrastructure was burned or cut, disrupting thousands of passengers. Italy's Foreign Minister Antonio Tajani added that cyberattacks originating from Russia also targeted the Winter Olympics, including websites linked to the Games, hotels in Cortina, and foreign ministry sites.
In a parallel incident, high-speed railway lines in France were sabotaged in 2024 on the opening day of the summer Olympic Games. Neither Italy nor France has officially attributed these rail sabotage acts to Russia. The Kremlin has previously denied any involvement in a sabotage campaign when questioned by AP.
