RIGA - The cyber threat to Latvia from hostile countries remained high last year, but, as in previous years, their activities varied in intensity rather than being constantly high or increasing linearly, according to the annual report of the Constitution Protection Bureau (SAB).
The overall level of cyber threats in Latvia was the highest ever recorded and has increased several times since Russia's full-scale attack in 2022. A significant proportion of cyber incidents in 2025 were cybercrimes, various types of fraud in the digital environment, which only rarely threaten critical infrastructure or national security interests.
The vast majority of cyberattacks observed last year did not have significant or long-lasting consequences. This is largely due to the efforts of Latvia's cyber defenders, who carried out preparatory work and responded effectively to incidents, according to the SAB.
In 2025, Latvia experienced a full spectrum of different types of cyber attacks. National security interests were most threatened by intrusion attempts, malicious code, compromised equipment, and attacks on service availability.
Last year, Russia maintained its position as Latvia's main cyber threat. This is based on both Russia's strategic goals and Latvia's military, political, and other material and psychological support for Ukraine in its war against Russia.
Last year, the SAB saw a continuation of the trend observed in the previous year: large, public, politically significant events did not experience targeted cyberattacks from hostile countries. Thus, in 2024, no significant cyberattacks were observed during the European Parliament elections and the International Crimea Platform Summit, while in 2025, no malicious external attacks were observed during the local elections. This can be explained, at least in part, by preventive cyber defense measures, especially those taken by Cert.lv.
As stated in the SAB report, growing concerns continue to be caused by threats to operational technologies - equipment and software used to monitor and control physical processes, devices, and infrastructure, including to provide services that are essential to society as a whole, such as energy, water management, and transportation.
Nowadays, more and more equipment is controlled remotely, and in many cases, the cyber security of these systems is not carried out effectively and responsibly enough, Therefore, malicious attackers can use relatively simple methods to remotely access industrial control systems or other operational technologies to influence or even disrupt the provision of important services, warns the SAB. According to data from the European Union Agency for Cybersecurity (ENISA), almost a fifth (18.2 percent) of cyberattacks in Europe have been directed at operational technologies, the report says.
Russian so-called hacktivists have shown that they are willing and able to carry out cyber attacks on industrial control systems in Latvia and Western countries, which can cause both short-term inconvenience and threats to the security of critical infrastructure. Their goal with such attacks is to disrupt service provision, shock and sow doubt among the country's residents, as well as punish them for their support of Ukraine and deter them from providing assistance in the future, according to the security agency.
In August 2025, a group of Russian hacktivists repeatedly attacked a hydroelectric power plant in the Polish city of Gdansk. The attackers managed to remotely access the control systems and change the operating parameters, causing the generator and rotor to stop and effectively shutting down the power plant.
To date, vulnerabilities in operational technologies in Latvia have mostly been discovered as a result of preventive protection and monitoring measures, and no significant incidents that would threaten critical infrastructure and vital services have been recorded, the SAB concluded.
Please enter your username and password.
2026 © The Baltic Times /Cookies Policy Privacy Policy
