Latvia’s State Security Service said two people set fire to a train and specific rail infrastructure in an August incident, portraying the act as part of a wider campaign of sabotage and cyber operations that European and U.S. officials say are linked to Russia. The agency said the suspects also filmed the attack and that the resulting video was delivered to the people who commissioned the arson, who later used it for propaganda claiming the fires were in Ukraine.
In its account, Latvia’s security service said the arson targeted a train and rail relay cabinets—boxes that contain equipment controlling train movements—and that the perpetrators recorded the incident. The service said the video material was later passed to the people who commissioned the arson and used it to claim the fires were in Ukraine.
The Latvian case was described by The Associated Press as the latest warning in a sequence of incidents that Western officials say reflect Russian attacks on critical infrastructure across Europe. The report said the sabotage in August is one of at least 151 incidents of sabotage and malign activity across Europe tracked by AP since February 2022, with officials saying such efforts aim to undermine support for Ukraine, spread fear and discord in European societies, and draw away investigative resources. The report also said Russia often uses proxies for such attacks and that some perpetrators have said they did not know they were hired by Moscow.
AP reported that in November, Polish officials said Russia’s intelligence services were behind several incidents of sabotage on a rail line used to deliver aid to Ukraine. In January, Polish Prime Minister Donald Tusk said two combined heat and power plants supplying heat to almost half a million customers, along with multiple wind and solar farms, were attacked by hackers “directly linked to the Russian services.” The Associated Press also said Danish officials reported cyberattacks carried out by Russia in 2024 on a water utility that left some houses without water and that, in August, Norwegian police said pro-Russian hackers remotely opened a valve in a dam allowing water to pour out.
The cyberattacks, AP said, illustrate vulnerabilities in European critical infrastructure and are part of a trend officials described as showing Moscow adopting “a more aggressive posture” toward European countries it views as adversaries. Former U.K. National Cyber Security Centre head Ciaran Martin told AP that this includes “cyber-kinetic” activity—when hackers linked to Russia change variables in a system to have a physical impact, such as altering water flows.
The Associated Press also said Italian officials are investigating sabotage on multiple high-speed railway lines on Feb. 1, the first day of the Milan-Cortina Winter Olympics. It reported that ANSA said infrastructure was burned or cut, affecting thousands of passengers, and that Italy’s Foreign Minister Antonio Tajani said cyberattacks originating from Russia also targeted the Winter Olympics, including websites linked to the Games, hotels in Cortina, and foreign ministry sites. The report added that high-speed rail lines in France were sabotaged on the opening day of the summer Olympic Games in 2024, and that neither Italy nor France has officially attributed the rail sabotage.
AP said the Kremlin has previously told AP it denies any involvement with a sabotage campaign.