Microsoft warns of sharp increase in Russian cyber activity targeting NATO

Russian cyber operations targeting NATO countries have surged by 25% over the past year, according to a new analysis cited by Microsoft.

 

Nine out of the top ten nations hit hardest by Russian state-sponsored cyber activity are NATO members, underscoring Moscow’s growing focus on the alliance.

 

By geography, the U.S. accounted for about 20% of the attacks, followed by the UK at 12%. Ukraine, though not a NATO member—also featured prominently in Microsoft’s findings, with 11% of observed activity.

 

The sector most frequently targeted remains government infrastructure, followed by research institutions, think tanks, and NGOs. 

 

Microsoft warned that Russia has increasingly been tapping into its domestic cybercriminal networks to carry out operations as proxies or to gain indirect access to targets. Experts describe this escalation as part of Russia’s broader “hybrid warfare” strategy, leveraging unconventional means, including cyberattacks, alongside physical, intelligence, and political tactics.

 

In addition to cyber offensives, Russia continues to test NATO’s borders: recent months have seen drone incursions in Poland, airport closures in Denmark over unidentified drones, and violations of Estonian airspace by Russian jets.

 

A former MI5 chief even suggested that the U.K. may already be engaged in a new form of warfare with Russia, where cyber and physical threats converge. 

 

As these patterns intensify, NATO states must strengthen their defenses, share threat intelligence, and treat cyber operations as a core dimension of national security not just a peripheral risk.