The European Union is facing increasingly intense hybrid threats targeting democratic institutions, critical infrastructure and social cohesion, according to a new briefing from the European Union Research Service. European Parliament (EPRS), entitled “EU response to hybrid threats”), compiled by analysts Linda Tothová and Darius Engel and published in July 2026.
The document emphasizes that hybrid attacks have become significantly more frequent and sophisticated, where through a combination of political, economic, cyber, informational and military instruments, the aim is to weaken citizens' trust in institutions and destabilize European societies, without crossing the threshold of an open armed conflict.
It is particularly noteworthy that Russian hybrid activities in Europe quadrupled between 2022 and 2023, and then tripled again during the period 2023–2024, especially in countries that provide political, financial, and military support to Ukraine.
The document recalls that the concept of hybrid warfare gained importance after Russia's annexation of Crimea in 2014, when Moscow combined the engagement of so-called "little green men" with other unconventional methods of action. The Russian invasion of Ukraine in 2022 further demonstrated that covert operations can be combined with conventional military actions within a single strategy.
Cyberspace as the main battlefield
The authors of the document assess that the cyber domain remains one of the most important areas of hybrid action. State and non-state actors use cyber attacks for espionage, intelligence gathering, disruption of the functioning of institutions, and influence on public opinion.
Examples include the Iran-linked cyberattack on Albanian state institutions in 2022, the attack on the European Parliament website after Russia was declared a state sponsor of terrorism, and the DDoS attack on the French National Assembly in 2023, for which the pro-Russian group NoName057 claimed responsibility.
Also mentioned is data from the European Cybersecurity Agency (ENISA), according to which, from July 2024 to June 2025, the most affected sectors were public administration, transport, digital infrastructure and the financial sector.
Pipelines, cables and railways are targeted
The briefing warns that hybrid activities are increasingly geared towards critical infrastructure.
The document cites examples of sabotage of underwater telecommunications cables and gas pipelines in the Baltic Sea, including damage to the Balticconnector gas pipeline and several communication cables between Finland, Estonia, Lithuania, Sweden and Germany.
The European Commission describes critical infrastructure as the "new battlefield of modern warfare," while the document also warns about the activities of the so-called "shadow fleet," which is linked to possible sabotage of underwater infrastructure.
In addition, a large number of fires, sabotage on railways and other incidents have been recorded across Europe. According to the data included in the document, between January 2022 and February 2026, 152 incidents attributed to Russian actors were identified.
Hybrid actions are aggressively extending into the military domain, where deliberate provocations test the limits of the NATO Alliance and create panic among the civilian population. Since 2022, member states on the eastern flank have consistently recorded violations of their airspace.
Notable examples include the entry of a Russian cruise missile into Polish airspace in March 2024, repeated violations of airspace by military aircraft, and the downing of a Russian drone on Romanian territory in May 2026. In addition, balloons launched from Belarus have systematically penetrated the territories of Poland and Lithuania as part of a broader psychological pressure campaign.
The fight against information manipulation
In the information field, Europe is waging an uphill battle against foreign manipulation and interference (FIMI). The European External Action Service (EEAS) report from March 2026 clearly identifies Russia (29%) and China (6%) as the main generators of disinformation campaigns.
Through sophisticated operations like Ghostwriter and Doppelgänger, these actors use botnets, fake media portals, and deepfake content created with artificial intelligence.
Their main targets are key democratic events, including the 2024 Olympic and Paralympic Games in Paris, the presidential elections in Romania, as well as the electoral cycles in Moldova, with the clear aim of undermining trust in electoral processes and deepening social divisions.
The European Parliament calls for a stronger response
The briefing concludes that the European Parliament considers that the greatest hybrid threats to the EU come from Russia, China and Belarus and calls for strengthening cooperation between the EU and NATO, increasing the resilience of member states and better protecting critical infrastructure.
The European Parliament also calls for improved intelligence sharing, a stronger response to disinformation and cyberattacks, and closer cooperation with partner countries.
The GeoPost

Serbian right-wing campaign to deny Srebrenica genocide
Arsenijevic after the attack on Srebrenica: Empathy for the suffering of others is anti-patriotism in Serbia
Trump "holds all the cards" in relation to Iran
US Congressmen Demand OSCE Parliamentary Assembly Be Held in the US, Not Serbia
US launches new attacks on Iran after Tehran closes Strait of Hormuz
Kallas and Kos: Europe does not tolerate genocide denial and glorification of war criminals