Suspicion has fallen on Russia over a series of confirmed or apparent acts of sabotage and espionage that took place late last year in Western Europe, experts say, with European countries increasingly taking measures in response.
The acts came after two events that hurt Russian interests. In September, explosions in the Baltic Sea put Russia’s Nord Stream gas pipelines to Germany out of use. The Kremlin blamed the sabotage on the United Kingdom, without evidence. Ukraine and Poland blamed Russia but also provided no evidence.
Then, on October 7, the Kerch Strait Bridge was bombed, interrupting Moscow’s ability to supply Russian-annexed Crimea, an attack Russia blamed on Ukraine’s military intelligence.
It may have been a coincidence, but the day after the Kerch bridge bombing, trains across northern Germany ground to a halt after cables that enabled train drivers to communicate were sabotaged.
“It is clear that this was a targeted and malicious action,” Minister for Transport Volker Wissing told a news conference, without identifying who might be responsible.
Two days later, the Danish island of Bornholm was plunged into darkness after the undersea cable that supplies it with electricity from Sweden was severed.
On October 19, internet cables were severed in the south of France at three locations simultaneously. Cloud security company Zscaler said the cable cuts, which severed digital highways linking Marseille with Lyon, Barcelona and Milan, had “impacted major cables with connectivity to Asia, Europe, US and potentially other parts of the world”.
Internet service provider Free posted photographs of data cables severed inside their buried concrete housings, calling the event “an act of vandalism”. France had suffered a similar attack in April.
During the same month, Norway’s domestic security authorities said they were investigating suspicious instances of drones being flown near airfields and energy infrastructure and, in December, Lithuania reported an increase in unauthorised drone flights over military sites.
“In one of the military facilities, more violations were recorded in one month this year than in the whole of last year,” said the armed forces.
Suspicion for these activities is focusing on Unit 29155, a branch of the General Staff of the Russian Armed Forces consisting of deep-cover intelligence operatives who operate abroad.
“By all available accounts, Unit 29155 has been in existence since at least 2009. It consists of a small number of personnel, possibly around 200, with an additional 20-40 operations officers,” said Joseph Fitsanakis, professor of intelligence and security studies at Coastal Carolina University.
Fitsanakis told Al Jazeera that the unit has its origins in networks of Soviet agents who “were at times tasked with developing and maintaining plans for large-scale sabotage, behind enemy lines, which would become operational during a conventional war between the USSR and the West. They included acts of sabotage against energy networks, public utilities, civilian or military harbours, telecommunications systems.”
Debriefed Russian defectors have said President Vladimir Putin, himself a former KGB agent, revived sabotage networks in the early 2000s, creating Unit 29155.
“Given its mission, and the strong record of its activities in the lead-up to the Ukrainian war, there is no doubt that Unit 29155 is heavily involved in Russian hybrid operations today,” said Fitsanakis. “Several instances of sabotage targeting Western utility and transportation networks in Poland, Scandinavia, France and Germany bear the hallmarks of Unit 29155 operations,” he said.
In fact, he said, “it would be utterly surprising if Unit 29155 had not been activated during the  Russian invasion of Crimea, as well as in the lead-up to the most recent war”.
Arthur PB Laudrain, a doctoral researcher at the University of Oxford and analyst at the Hague Centre for Strategic Studies, told Al Jazeera that while it is difficult to prove Russian involvement, the professionalism of the sabotage in France strongly suggests the involvement of a state actor.
“In the April attack, you had to reach several access points along rail lines or highways. The perpetrators knew what they were doing to maximise damage and they cut not just specific points but removed sections of the cable, which makes them more difficult to repair,” Laudrain said, while pointing out that mere vandalism could still not be ruled out.
The incidents in Western Europe have underlined the vulnerability of key digital communications and energy infrastructure to attacks, and the potential for serious economic disruption in countries helping Ukraine’s war effort.
“Moscow has made a point of targeting the physical elements of the internet – from server farms to company employees making data security and content moderation decisions – to exert control over the internet at home and in surrounding [regions] over the past couple of decades,” said Justin Sherman, the founder of advisory firm Global Cyber Strategies and nonresident fellow at the Atlantic Council.
“Internationally, in the past few years, NATO and other groups have raised concerns about heightened Russian military activity near undersea cables, too,” he told Al Jazeera.
A year ago, the UK’s chief of defence staff, Tony Radakin, warned of heightened Russian submarine activity near data cables.
Meanwhile, Alexander Downer, a former Australian foreign minister, writing in The Spectator in October, said 95 percent of the world’s internet traffic passes through just 200 undersea fibre optic cable systems.
“There are estimated to be as few as 10 global chokepoints where these cables converge or come ashore. If you wanted to cut off Britain from the world, it would not be very difficult to sabotage these chokepoints,” he wrote.
Europe has slowly begun to respond to the threats.
In 2020, NATO established two new commands, at Ulf in Germany and Norfolk in the UK, to monitor submarine activity in the North and Baltic Seas.
Last October, France said it was buying a fleet of unmanned underwater vehicles to better protect undersea cables.
On November 22, Swedish police arrested suspected Unit 29155 operatives Elena Kulkova and Sergey Skvortsov in Stockholm and charged them with espionage. The Russian couple had been living in Sweden since 1997 and had been under surveillance for years.
Bellingcat found that Skvortsov and Kulkova’s registered Moscow address was also home to numerous intelligence agents. Among them were General Andrey Averyanov, head of Unit 29155, and Major-General Denis Sergeev, the Unit 29155 agent believed to have masterminded the poisonings of former spy Sergei Skripal and his daughter in the English city of Salisbury. Skvortsov was the executive director of a company owned by a self-confessed military intelligence operative, Vladimir Kulemekov.
In Norway, meanwhile, Prime Minister Jonas Gahr Støre said he was raising the armed forces’ state of readiness.
“We are in the most serious situation with security policy in recent decades … rising tensions mean we are more vulnerable to both threats and intelligence and influence. This requires all NATO countries to be more vigilant,” he said in October.
But some observers are sceptical of the extent to which any country can entirely safeguard civilian infrastructure.
Mike Myrianthis, a Greek oil industry veteran, believes that whoever bombed the Nord Stream 2 pipeline opened a can of worms.
“The Nord Stream sabotage destroyed the Russian-German energy relationship,” he told Al Jazeera.
“Strikes on infrastructure have become something of a fashion and set a dangerous precedent.”