Russia Poses ICS Cyber Threat to Western Critical Infrastructure


Key Takeaways:

  • Russia continues to pose a significant cyber threat to Latvia and other Western countries, with a focus on sabotage, information operations, and preparations for cyber attacks on industrial control systems (ICS).
  • The number of cyber incidents in Latvia has reached an all-time high, with most incidents being cyber crimes and digital fraud that rarely threaten critical infrastructure or national security interests.
  • Hostile cyber activity from Russia and other countries has been observed to fluctuate in intensity, with most attacks having limited impact due to effective prevention and response measures.
  • Cyber threats to operational technology (OT) environments are a growing concern, with Russian hacktivists showing a willingness and capability to carry out attacks on industrial control systems.
  • Preventive cybersecurity measures and monitoring have been effective in identifying vulnerabilities in Latvian operational technologies, with no significant incidents registered.

Introduction to Cyber Threats
The Constitution Protection Bureau (SAB) of Latvia has released its 2025 annual report, highlighting the ongoing cyber threats posed by Russia to the country and other Western nations. The report notes that Russia has continued to engage in sabotage, information operations, and preparations for cyber attacks on industrial control systems (ICS) in Latvia and other countries, with the aim of spreading uncertainty, undermining services, punishing support for Ukraine, and deterring future backing. The SAB warns that the security risks posed by Russia in Europe are increasing significantly, with the number of sabotage and cyber incidents remaining high.

Cybersecurity Regulations and Framework
In response to the evolving cyber threat landscape, the Latvian government has implemented new regulations aimed at enhancing cybersecurity. On June 25, 2025, the Cabinet of Ministers adopted a regulation setting the minimum cybersecurity requirements for critical infrastructure in the ICT sector, which is supervised by the SAB. The regulation includes a ban on cooperation with third countries outside the EU and NATO, which government institutions must take into account during procurement procedures related to ICT resources. This regulation is part of the legal basis being developed to form a cybersecurity framework corresponding to the current security challenges.

Cyber Threats to Latvia
The SAB reports that Latvia experienced a full spectrum of cyber-attacks in 2025, including intrusion attempts, malware distribution, compromising of equipment, and distributed denial-of-service (DDoS) attacks. Russia continued to pose the main cyber threat to Latvia due to its strategic goals and the country’s support for Ukraine. The overall level of registered cyber threats towards Latvia reached an all-time high in 2025, having increased multiple times since Russia’s full-scale attack on Ukraine in 2022. However, most of the cyber incidents were cyber crimes and digital fraud, which rarely threatened critical infrastructure or national security interests.

Trends in Hostile Cyber Activity
The SAB noticed a trend that started in 2024: large, public, and politically significant events have not attracted any cyber-attacks from hostile states. This can be attributed to the preventive defensive measures taken by Latvia’s cyber defenders, including the national Cyber Incident Response Institution – CERT.LV. The agency also observed that hostile cyber activity from Russia and other countries has been fluctuating in intensity, with most attacks having limited impact due to effective prevention and response measures.

Cyber Threats to Operational Technology
The SAB flags that cyber threats to operational technology (OT) environments are a growing concern. Operational technologies are equipment and software used to monitor and control physical processes, devices, and infrastructure to provide essential public services. Despite the increasing number of devices managed remotely, many of these systems lack the necessary level of cybersecurity, allowing malicious cyber actors to gain remote access to industrial control systems or other operational technologies. The European Union Agency for Network and Information Security (ENISA) reported that almost one-fifth of cyber-attacks in Europe were targeted at operational technologies.

Russian Hacktivists and ICS Attacks
Russian hacktivists have shown that they are willing and capable of carrying out cyber-attacks on Latvian and Western industrial control systems, attacks designed to create short-term inconvenience or even threaten the security of critical infrastructure. These attacks aim to affect vital services, shock and sow doubt among the general population, punish support previously provided to Ukraine, and deter any support in the future. Examples of such attacks include the cyber-attack against a dam on the Risetvatnet lake in Norway and the attack on the Gdansk hydro-electric power station in Poland.

Preventive Cybersecurity Measures
The SAB reports that preventive cybersecurity measures and monitoring have been effective in identifying vulnerabilities in Latvian operational technologies, with no significant incidents registered. For example, in 2025, it was identified that the software and applications used in a municipal service provider’s ICS and service provision were highly vulnerable to potential attacks via remote access. The agency recommends that critical infrastructure and essential service providers constantly improve the cybersecurity of their operational technologies and systematically implement measures, procedures, and technical solutions to minimize the negative impact of potential cyber-attacks.

DDoS Attacks
The SAB also reports that Russian DDoS attacks still come in waves against Latvian government and municipal institutions and critical infrastructure. The goal of such attacks is to disrupt services and the availability of information, spread doubt in society, and undermine trust in public institutions and vital services. DDoS attacks are frequently tied to nationally relevant dates or political decisions and announcements. To minimize the impact of DDoS campaigns, Latvian organizations are advised to use services designed to defend against DDoS attacks, such as the centralized DDoS defense service provided by the Latvian State Radio and Television Centre (LVRTC).
