Report

The Rising Threat: Underwater Cable Sabotage in the Baltic Sea

Dual Risks

Why has the Baltic Sea become a rapidly escalating hot spot of submarine cable sabotage attempts and incidents? 

This report outlines dual risks: commercial maritime activities and state-sponsored operations. Accidental damage from fishing vessels and merchant ships – often operating with outdated navigation practices – remains a persistent threat. 

In parallel, intelligence suggests an increase in state-backed surveillance and potential sabotage efforts, particularly from Russian-affiliated naval assets. These vessels employ deceptive tactics, including AIS signal spoofing, prolonged loitering near critical infrastructure, and covert mapping of undersea assets.

Keep reading to receive insights on:

  • Why the EU is particularly vulnerable 
  • A significant increase in high-risk vessel activity over undersea cables in the Baltic Sea, including anchoring and drifting behaviors in sensitive areas.
  • A rise in state-sponsored operations targeting critical maritime infrastructure, including subsea communication cables and offshore energy assets.
  • The use of deceptive shipping practices (DSPs) by military-affiliated vessels, making early detection and intervention increasingly complex.

5 Reasons the Baltic Sea is a Hotspot for Submarine Sabotage

The Baltic Sea’s strategic importance, geographical features, and ongoing geopolitical tensions have made it highly susceptible to cable cutting. Several factors contribute to this vulnerability:

  1. Strategic importance of the infrastructure: the Baltic Sea hosts critical undersea infrastructure, including fiber-optic cables, gas pipelines, and power lines that connect NATO countries and Russia. These cables are vital for internet traffic, energy transport, and financial market communications. Disruptions can undermine global political stability and economic operations.
  2. Geographical characteristics: the Baltic Sea is both shallow and narrow, making it easier to locate and target cables. It also has chokepoints where cables converge, increasing their susceptibility to damage or sabotage.
  3. A collision point: the Baltic Sea is a strategic area where NATO and Russia directly confront each other. Tensions have escalated since Russia’s invasion of Ukraine, with NATO increasing its presence in the region to counter Russian aggression and expansionism. This includes protecting critical infrastructure, such as undersea cables and pipelines, which are vital for communication and energy supplies.

    The vulnerability of onshore cable landing stations is also a growing concern. These risks are exacerbated by Europe’s heavy reliance on Baltic Sea fiber-optic cables, such as the C-Lion1 (connecting Finland to Germany) and the BCS East-West Interlink (Lithuania to Sweden). These cables handle a significant portion of Europe’s internet traffic, including essential data for financial transactions, communications, and digital services.
  4. Increased Russian activity: Russia has been accused of mapping undersea infrastructure in the Baltic Sea and conducting military exercises near critical installations. Alleged Russian involvement in anchor-dragging incidents has heightened fears of deliberate sabotage.
  5. Traffic volume and plausible deniability: the Baltic Sea is one of the world’s busiest maritime regions, with numerous commercial, cargo, and military vessels traversing its waters daily. This increases the likelihood of incidents involving undersea cables, whether deliberate or unintentional. Many vessels suspected of causing damage are registered in foreign territories, complicating investigations and providing plausible deniability to state actors such as Russia or China. This makes accountability challenging.
Schematics of telecommunication cables in the Baltic Sea.
Source: Windward’s Maritime AI™ platform

Using AI to Quantify Attempts and Incidents

Let’s attempt to quantify accidental damage and state-sponsored activities, using Windward’s Maritime AI™ platform. 

Accidental Damage

Accidental damage from fishing vessels and commercial ships remains a significant threat, particularly when these vessels operate with outdated nautical charts. This risk is compounded by the fact that many cables are both long and remote, making them difficult and costly to monitor. 

According to Windward Intelligence data, 6,130 individual vessels conducted a cumulative 60,076 anchoring activities in the Baltic Sea over the past year (February 2024-February 2025).

Anchoring activity locations in the Baltic Sea, Feb ’24-Feb ’25.
Source: Windward’s Maritime AI™ platform

Maritime incidents are unavoidable in some circumstances, but vessels are conducting anchoring patterns above sensitive and vulnerable areas year-on-year, increasing the risk of accidental damage. 

State-Sponsored Subversive Activities

The primary threat to underwater cables and critical infrastructure is state-sponsored entities, with Russia being the most prominent. Russia has demonstrated a strategic focus on subsea infrastructure as part of its hybrid warfare doctrine, leveraging naval capabilities to map, surveil, and disrupt critical assets, such as fiber-optic communication cables, energy pipelines, and offshore wind farms.

Russian state-backed vessels, often operating under the guise of research ships, fishing trawlers, and service vessels, have been observed conducting mapping operations in the North Sea, Baltic region, and transatlantic cable routes. These vessels are suspected of possessing autonomous underwater vehicles (AUVs) and remotely operated vehicles (ROVs) capable of scanning, tampering with, or severing submarine infrastructure. 

There has been a significant increase in subversive military and state-sponsored threat activity targeting critical national infrastructure (CNI) in the North Sea, particularly in the maritime domain. 

This includes covert operations aimed at disrupting offshore energy assets, undersea cables, and key shipping lanes. Our Maritime AI™ platform has detected increased dark activity, anomalous loitering near sensitive infrastructure, and deceptive shipping practices linked to state-backed actors. These evolving threats underscore the urgent need for advanced, predictive intelligence to detect and mitigate risks before they escalate into major disruptions.

A total of 3,509 “drifting activities” (vessels shutting off their engines but not lowering their anchors) were conducted in the Baltic Sea in 2020, many directly above undersea cables. Twelve percent (12%) of the vessels conducting these activities were labeled as high or moderate risk, due to various factors and behavioral patterns in line with deceptive shipping practices (DSPs). Eighteen percent (18%) were affiliated with the Russian regime.

Locations of drifting activity in the Baltic Sea in 2020. 
Source: Windward’s Maritime AI™ platform

Comparatively, the total number of drifting activities increased by 153% in the past 12 months (February 2024 – February 2025), while the total number of participating vessels only increased by 45%.

This represents a clear increase in drifting activity and not just traffic. In addition, 15% of the vessels conducting these activities in the past year were labeled as high or moderate risk and 41%(!) were affiliated with the Russian regime.

Why Is It Challenging to Detect Russian-Sponsored Sabotage in the Baltic?

Russian-affiliated vessels commonly sail in the Baltic Sea, making it difficult to single out such events. 

In the last year (February 2024-February 2025), 2,313 individual vessels associated with the Russian regime visited the Baltic Sea (this means vessels identified as connected to the Russian government via ownership connections, flag, or behavioral indicators). Only 436 of these vessels were sailing under the Russian flag, making it challenging to distinguish between normal commercial fleets and those with current and previous ties to Russia. 

We can further narrow the results by excluding vessels affiliated with companies based in Russia. We are left with 1,894 vessels that are marked by Windward as moderate or high risk for involvement in Russia’s shadow fleet, yet display no obvious connections to Russia via markers such as flag or ownership. They can sail unnoticed in Baltic waters, potentially ready to perform covert mapping and offensive operations via the following tactics:

  • Extended loitering time: prolonged periods in strategic maritime zones, often near critical infrastructure, engaging in slow-speed activity under the pretense of research or fishing operations.
  • Covert anchor dragging & cutting: vessels have been observed using their anchors or specialized equipment to drag across subsea cables, causing damage while maintaining plausible deniability.
  • Jamming & spoofing AIS signals: many of these vessels conduct AIS dark operations, turning off their tracking systems while operating in sensitive areas to avoid monitoring by maritime security platforms.

A Vessel Warranting a Closer Look: Mini-Case Study

With so many vessels sailing in the Baltic Sea, detecting those that pose a threat is like finding a needle in a haystack. There is no practical way to monitor each ship that passes over a cable, let alone to do so before one can cause harm. 

AI is instrumental in narrowing down the number of relevant vessels, by highlighting those that are sailing above or near cables, displaying odd or suspicious sailing and behavioral patterns, and belonging to a risky vessel population. 

A search for all vessels conducting slow-speed sailing in the Baltic Sea over seven recent days (March 6-13, 2025) yields an unmanageable number of ships – 4,180.

Vessels conducting slow-speed sailing in the Baltic Sea, March 6-13, 2025.
Source: Windward’s Maritime AI™ platform

But when narrowing the search to vessels sailing above a specific cable – in this case, the Eastern Light, a fiber-optic submarine cable connecting Sweden and Finland – only 15 vessels are identified.

Vessels conducting slow-speed sailing above the cable (March 6-13, 2025).
Source: Windward’s Maritime AI™ platform

These 15 vessels have all slowed their speed above a cable. Another crucial point relates to their identities. Further investigation reveals that all are Finnish-flagged, with one notable exception: a Cypriot-flagged tugboat that is marked as moderate risk by Windward’s Maritime AI™ platform, due to its Russian regime affiliation. It made 15 port calls to Russia over the past year, with the most recent activity starting on February 18, 2025. Clearly, this is a vessel warranting a closer look.

Analyzing the vessel’s route during this week shows it sailing directly above the cable on March 10 and engaging in slow-speed sailing for four days before calling port in Inkoo, Finland. It then called port in Estonia, followed by 15 hours of dark activity in Russia and a port call in Ust-Luga, Russia.

The vessel’s sailing route.
Source: Windward’s Maritime AI™ platform

The Cypriot-flagged tugboat’s slow-speed sailing pattern directly above the cable.
Source: Windward’s Maritime AI™ platform
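
The narrowing steps in this case study (slow-speed sailing, then position above one cable, then AIS dark gaps) can be sketched over raw AIS position reports. This is an added example, not Windward’s code or method; the cable waypoints, vessel names, AIS reports, and thresholds are all constructed for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed cable waypoints (lat, lon); NOT the real Eastern Light route.
CABLE = [(59.80, 22.90), (59.85, 23.60), (59.90, 24.30)]

# Constructed AIS reports: (vessel, flag, UTC time, lat, lon, speed in knots).
REPORTS = [
    ("TUG-A", "CY", "2025-03-10T00:00", 59.83, 23.30, 1.2),
    ("TUG-A", "CY", "2025-03-10T06:00", 59.84, 23.45, 1.0),
    ("TUG-A", "CY", "2025-03-10T12:00", 59.85, 23.58, 0.8),
    ("TUG-A", "CY", "2025-03-11T03:00", 59.70, 26.00, 9.5),    # 15 h with no reports
    ("FERRY-B", "FI", "2025-03-10T00:00", 59.60, 23.00, 14.0),
    ("FERRY-B", "FI", "2025-03-10T01:00", 59.85, 23.55, 15.0),  # crosses at speed
    ("TRAWL-C", "FI", "2025-03-10T00:00", 59.20, 22.00, 2.0),   # slow, far from cable
    ("TRAWL-C", "FI", "2025-03-10T05:00", 59.21, 22.10, 1.5),
]

def dist_to_cable_km(lat, lon, route=CABLE):
    """Shortest distance from a point to the route polyline (flat-earth approximation)."""
    kx, ky = 111.32 * math.cos(math.radians(lat)), 110.57  # km per degree lon / lat
    best = float("inf")
    for (la1, lo1), (la2, lo2) in zip(route, route[1:]):
        ax, ay = (lo1 - lon) * kx, (la1 - lat) * ky  # segment ends relative to the point
        bx, by = (lo2 - lon) * kx, (la2 - lat) * ky
        dx, dy = bx - ax, by - ay
        t = max(0.0, min(1.0, -(ax * dx + ay * dy) / (dx * dx + dy * dy)))
        best = min(best, math.hypot(ax + t * dx, ay + t * dy))
    return best

def triage(reports, corridor_km=2.0, slow_knots=3.0, dark_hours=12.0):
    """Per vessel: hours spent slow inside the cable corridor, and longest AIS gap."""
    tracks = defaultdict(list)
    for vid, flag, ts, lat, lon, sog in reports:
        tracks[vid].append((datetime.fromisoformat(ts), lat, lon, sog, flag))
    out = {}
    for vid, pts in tracks.items():
        pts.sort()
        slow_h, max_gap = 0.0, 0.0
        for (t0, la, lo, sog, _), (t1, *_rest) in zip(pts, pts[1:]):
            gap = (t1 - t0).total_seconds() / 3600
            max_gap = max(max_gap, gap)
            if gap < dark_hours and sog <= slow_knots and dist_to_cable_km(la, lo) <= corridor_km:
                slow_h += gap  # AIS live, vessel slow and inside the corridor
        out[vid] = {"flag": pts[0][4], "slow_hours_over_cable": slow_h,
                    "longest_gap_hours": max_gap, "dark": max_gap >= dark_hours}
    return out

def shortlist(reports):
    """Vessels with any slow-speed time in the corridor, longest loiter first."""
    res = triage(reports)
    return sorted((v for v in res if res[v]["slow_hours_over_cable"] > 0),
                  key=lambda v: -res[v]["slow_hours_over_cable"])
```

On the constructed data, only the tug remains on the shortlist; flag, ownership, and port-call history would then be checked against that much smaller set, as the case study does.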

The EU is Vulnerable

Over the next decade, subsea technology will advance significantly, particularly in autonomous underwater surveillance, real-time monitoring, and cyber resilience. Remotely operated vehicles (ROVs) and autonomous underwater vehicles (AUVs) will enhance deep-sea patrols and infrastructure repair.

Fiber-optic-based sensor networks will enable real-time detection of tampering or sabotage. But these advancements will benefit both defenders and aggressors. Defenders will gain improved physical threat detection, automated response systems, and enhanced infrastructure resilience.

Adversaries will leverage stealth AUV operations, AIS spoofing, and hybrid cyber-physical attacks to disrupt global communications and energy networks. Russia has already demonstrated expertise in undersea mapping, covert sabotage, and electronic warfare, using both naval assets and civilian-disguised vessels.

The European Union (EU) is currently vulnerable due to its limited subsea monitoring capabilities and lack of advanced AI-driven behavioral threat detection. While it benefits from strong intelligence-sharing between member states, it lacks the ability to track and analyze anomalous vessel behavior at scale. 

Recent incidents in the North Sea and Baltic have demonstrated the urgency for AI-enhanced surveillance and risk profiling to detect covert threats before they escalate. To secure its critical infrastructure, the EU would be wise to invest in AI-powered maritime threat detection and real-time behavioral risk monitoring, ensuring it can counter emerging maritime threats before they cause widespread disruption.

As technology advances and subsea infrastructure evolves, so too will the tactics and vulnerabilities exploited for intentional disruption. The rapid pace of technological integration within an industry often outstrips that of the public sector, creating security gaps that adversaries can exploit before mitigation strategies are fully established. 

This disparity presents a critical national security risk, as emerging threats may materialize before effective countermeasures are in place.

The Solution for Ensuring EU Resilience

The EU faces significant challenges in enforcing maritime security in the Baltic Sea, particularly due to the complex ownership structure of undersea cables and unclear protection responsibilities. While these cables are critical to national security, they are primarily owned and operated by private companies, meaning national navies and governments have limited jurisdiction to proactively defend them. 

Responsibility for protection falls across multiple organizations, including private operators, telecom regulators, law enforcement, navies, and coast guards, creating overlapping and fragmented accountability. This lack of a unified strategy weakens the EU’s ability to deter and respond to threats effectively. 

Additionally, the recent push for new security frameworks and initiatives, while well-intentioned, overcomplicates enforcement by introducing further bureaucratic layers. This disjointed approach ultimately benefits aggressors like Russia, who exploit these gaps to conduct mapping, loitering, and potential sabotage operations with minimal resistance.

To ensure resilience, the EU should maintain real-time situational awareness of evolving threats, enabling a rapid and proactive response to prevent major outages and infrastructure compromise. The growing reliance on subsea cables increases the risk of economic disruption and national security breaches, making it imperative to enhance detection and response capabilities.

By adopting AI-driven maritime security solutions, the EU can effectively identify and assess emerging threats in real time, addressing unknown vulnerabilities before they escalate. This proactive risk management approach ensures that critical infrastructure remains protected without overextending operational fleets. Integrating AI-based threat detection will not only enhance security but also enable a sustainable, cost-effective defense strategy.

An early detection anomaly indicating a new threat pattern.
Source: Windward’s Maritime AI™ platform.

Relying solely on physical resources, such as the Coast Guard and Navy ships, to protect vessels and critical infrastructure is impractical due to the vast area that must be covered. 

AI-driven threat detection provides real-time risk analysis, identifying suspicious behavior and prioritizing threats before they escalate. By coordinating naval and security resources more efficiently, AI ensures that limited physical assets are deployed where they are needed most, rather than attempting to patrol every cable and energy asset at unsustainable costs.

Policy and Coordination Across Government and Industry

Effective maritime security requires the ability to share intelligence with non-government organizations, including private infrastructure operators, shipping companies, and cybersecurity firms. Restricting critical threat data to government agencies creates blind spots, whereas secure, real-time intelligence sharing ensures all stakeholders can proactively defend against emerging risks. 

Effective maritime security and subsea infrastructure protection require a robust intelligence-sharing framework that extends beyond government agencies to include private infrastructure operators, shipping companies, cybersecurity firms, and other key stakeholders. 

Restricting critical threat intelligence to classified government channels creates operational blind spots, leaving private sector entities vulnerable to emerging risks. Given that undersea cables, offshore energy assets, and shipping networks are largely owned and operated by private companies, these organizations must have timely access to actionable intelligence on potential threats, such as state-sponsored vessel movements, cyber intrusions, and sabotage attempts. 

Establishing secure, controlled information-sharing channels – while maintaining classified protections where necessary – will allow for better coordination, faster response times, and stronger collective defense against evolving maritime security challenges. 

Without such integration, adversaries will continue to exploit security gaps between public and private sector responsibilities, further increasing the risk to national security and economic stability.
