In February 2022, Russia launched its invasion of Ukraine. Since then, European officials have denounced not only the actions taken against Ukraine, but also what is often referred to as “hybrid warfare” or “grey zone” tactics – hostile acts falling short of open war – against other European nations supporting Ukraine. Hybrid warfare methods, which can include a range of aggressions such as cyber-attacks and drone and fighter jet entries into foreign airspaces, seek to disrupt and tax resources of countries at the receiving end with relatively low costs and high psychological impacts.
The topic of hybrid warfare once again became top of mind on September 9, when about 20 Russian drones entered Polish airspace days before joint Russian military exercises in Belarus, prompting airport closures and the scrambling of North Atlantic Treaty Organization (NATO) fighter jets.
Poland has not been the only country to face airspace entries from Russian drones and aircraft, though. Other European countries, particularly those with links to Western aid to Ukraine, also face threats of disruptions from hybrid warfare tactics that continue to plague key logistics hubs. The threat of interruption to manufacturers in the region is also growing due to increasing assaults on infrastructure and cyber-attacks.
Logistics disruptions on the rise across Europe
A Russian drone incursion into Polish airspace on September 9 led to the closures of four airports including the Warsaw Chopin and Modlin airports and facilities in eastern Polish cities including Rzeszów and Lublin. Additionally, Poland placed airspace restrictions on unmanned aircraft and private nighttime civil aviation along borders with Ukraine and Belarus in response to the incident, measures since extended until March 9, 2026. While the incident in Poland marked a significant escalation in hybrid warfare on targets in Europe, it is not an isolated one. Across Europe, similar drone-related airspace violations are estimated to have doubled since 2024 while also becoming more severe. In 2025, airspace violations have occurred in Moldova, Norway, Denmark, Romania, and Estonia, often resulting in flight suspensions.
In Germany as well, officials confirmed on October 1 that drones were sighted over key military and industrial sites including that of Thyssenkrupp Marine Systems in the northern state of Schleswig-Holstein. Munich International Airport suspended operations on October 3, 4, and 18 and Berlin-Brandenburg International Airport suspended flights on October 31 due to drone sightings near their facilities, an interruption that is becoming increasingly commonplace in the country. In 2024, there were about 143 drone sightings near German airports; by late-October of this year, more than 190 drone sightings had already been reported. German officials, including the country’s Chancellor Friedrich Merz, have suggested that Russia is behind most of the activity.
On November 30 and again on December 6, Lithuanian officials suspended operations at Vilnius International Airport following the incursion of a balloon, which are often linked to smuggling, in the facility’s airspace from Belarus. The incidents were just the most recent events impacting flight operations in Lithuania, where the Vilnius airport has been temporarily closed at least ten times since early October. In 2025 alone, about 600 balloons and 200 drones have entered Lithuanian airspace. A statement by the Lithuanian Foreign Minister on December 1 that Belarus was deliberately targeting the Lithuanian airport was followed the next day by one from European Commission President Ursula von der Leyen expressing that Belarusian incursion into Lithuanian airspace constituted a “hybrid attack”, highlighting the worsening situation at the Lithuanian Belarusian border. As a result of increasing airspace incursions, the E.U. announced it has begun to prepare further sanctions targeting Belarus, and on December 9 Lithuania declared a state of emergency and requested authorization of military support for police and border guards.
Disruptions have not been prompted solely by drones and balloons entering foreign airspaces. Fires in Germany, Poland, and the United Kingdom in 2024 were ultimately tied to the planting of explosive parcels on cargo planes by individuals linked to Russian military intelligence services. Jamming of global positioning system (GPS) signals by Russian operatives also resulted in air traffic disruptions at smaller airports in Eastern Europe, and Sweden has similarly sounded the alarm on a significant rise in GPS signal jamming over the Baltic Sea that has disrupted shipping and been traced to Russian territory. The Swedish Transport Agency disclosed over 700 reported aviation jamming incidents through August 28, 2025, while the total incidents for all of 2023 stood at only 55.
Increasing tensions have begun to impact ground transit as well. On October 29, Lithuania shut all border crossings that remained open with Belarus after a spike in balloon incidents, with those crossing remaining closed until November 19. Following the September 9 drone incident in Poland, Polish authorities closed all border crossings with Belarus. The border closures, the most disruptive of which were in place until September 25, cut off truck crossings as well as all train crossings, causing severe delays on the China-Europe Railway Express.
The route is typically the fastest overland route for Chinese shipments to Europe, and 90% of the network’s 20,000 trains traverse Poland. Some Polish border crossings with Belarus have remained closed beyond September 25, with Poland postponing the opening of its Bobrowniki crossing to trucks until November 17 in solidarity with Lithuania after late-October security concerns. More recently, an explosive device deployed on November 16 by individuals linked to Russian intelligence destroyed portions of a railway track in Poland about 62 miles (100 kilometers) from Warsaw, marking the first direct attack on Poland’s rail network and prompting a top EU diplomat to accuse Russia of committing state-sponsored terrorism.
At sea, Russia has been accused of sailing on collision courses with Danish naval vessels, and Danish authorities reported navigation system disruptions in the country’s straits between the Baltic and the North Sea in October. European ministers, in a letter dated from May this year, revealed that GPS jamming or spoofing from Russian or Belarusian actors has been ongoing since 2022 in the Baltic Sea area, an economic zone accounting for 15% of the world’s cargo shipping, with dramatic increases in such incidents since August 2024. Ships in the Black Sea have similarly reported Russian GPS spoofing, potentially impacting shipping at the largest seaports in both Romania and Bulgaria.
Physical- and cyber-related attacks pose risk to critical infrastructure and manufacturers
Across all categories of activities, recent reports suggest that suspected Russian hybrid warfare activity against European nations as of early October had already outpaced total hybrid warfare activity from 2024. While attacks on transportation targets may feature most heavily in headlines due to their visibility, a report from the Centre for International and Strategic Studies indicates that these types of attacks account for about 27% of total attacks. About 21% are against critical infrastructure targets like pipelines, undersea fiber-optic cable, or electric grids, and another 21% of attacks are waged against industrial units including defense companies.
A 2025 Microsoft report estimates an increase in Russian cyber-attacks against NATO countries of about 25% in the past year, with the United States and United Kingdom being the most targeted countries. Though the most targeted sector was government agencies, the report found an increasing occurrence of smaller businesses in countries that support Ukraine being targeted. NATO’s head of cyber operations warned on December 4 that it is believed the Russian government could have aided cyber-attacks targeting British businesses, including recent attacks on retailer Marks and Spencer plc and Jaguar Land Rover Automotive PLC, the latter of which resulted in production stoppages and an
Between 2023 and 2024, incidents of confirmed Russian sabotage against European infrastructure more than tripled. Europol’s EU Serious and Organized Crime Threat Assessment for 2025 highlights an increase in politically motivated cyber-attacks against critical infrastructure and public institutions, with the report indicating that the increase has originated from Russia and “countries in its sphere of influence”. In April this was exemplified when operations of a local dam in Norway were taken over by Russian hackers, resulting in hours of unnoticed water flow. While the incident did not yield any injuries or damages, it highlighted the exposure of Norway, which produces most of its electricity via hydropower dams, to such attacks.
Everstream clients are receiving more detailed insights and recommendations about this risk.
Don’t miss key supply chain risk updates! Subscribe now to get supply chain news, weather updates, forecasts, and other insights.