The North Atlantic Council has issued a formal condemnation of recent Russian malicious cyber activities, describing them as a threat to Allied security and an extension of the Kremlin’s ongoing hybrid campaign.
In a joint statement, NATO said it stood in solidarity with Estonia, France, the United Kingdom and the United States, all of which have recently attributed cyber activity targeting NATO Allies and Ukraine to Russia’s military intelligence service, the GRU. The Council also recalled that Germany and the Czech Republic separately attributed cyber operations to APT 28, a GRU-sponsored actor, in 2024.
NATO stated: “We also note with concern that the same threat actor targeted other national governmental entities, critical infrastructure operators and other entities across the Alliance, including in Romania.”
The Council added that these incidents, and the harmful impact they have had across multiple sectors, reflect the increasing use of cyber and hybrid threats by Russia to destabilise NATO members and to support its war of aggression against Ukraine.
The statement continued: “We call on Russia to stop its destabilising cyber and hybrid activities. These activities demonstrate Russia’s disregard for the United Nations framework for responsible state behaviour in cyberspace, which Russia claims to uphold.”
NATO reaffirmed that support for Ukraine would continue, including cyber assistance delivered through the Tallinn Mechanism and the IT capability coalition. The Council underscored its commitment to applying lessons learned from the war in Ukraine to strengthen collective cyber defences.
NATO stands for a free, open, peaceful and secure cyberspace, the statement said. It called on all states, including Russia, to meet their international obligations and adhere to the UN-endorsed framework for responsible behaviour in cyberspace.
The Council confirmed that the Alliance remains united in its determination to counter, constrain and contest Russian cyber threats. This includes new investment in cyber capabilities such as the NATO Integrated Cyber Defence Centre, ongoing delivery against the Cyber Defence Pledge, and commitments agreed at the Hague Summit.
“We are determined to employ the full range of capabilities in order to deter, defend against and counter the full spectrum of cyber threats. We will respond to these at a time and in a manner of our choosing, in accordance with international law, and in coordination with our international partners including the EU.”