Undersea Sabotage: The Hidden Threat to Global Infrastructure

The ocean floor carries the connective tissue of modern civilization. Roughly 97 percent of all intercontinental data travels through undersea fiber-optic cables — not satellites — while subsea pipelines and power interconnectors supply energy across national borders. These systems support an estimated $10 trillion in daily financial transactions. They are also extraordinarily vulnerable. Since Russia’s full-scale invasion of Ukraine in 2022, the Baltic Sea has become the frontline of a campaign against this critical infrastructure, with at least eleven cables and pipelines damaged in suspected or confirmed acts of sabotage. What began as isolated incidents has escalated into a pattern that NATO, the European Union, and individual nations are still struggling to counter.

The Nord Stream Watershed

In September 2022, multiple underwater explosions ruptured the Nord Stream 1 and 2 gas pipelines in the Baltic Sea, severing Russia’s primary natural gas route to Germany. Seismologists detected the blasts from across Scandinavia. Investigators found evidence of high-powered explosives placed with precision, requiring specialized diving capabilities and operational planning far beyond what any non-state actor could easily muster. The attack sent immediate shockwaves through European energy markets, contributing to price spikes and supply disruptions that persisted for months. In November 2025, Italy’s highest court approved the extradition to Germany of a Ukrainian man suspected of coordinating the operation — the most significant legal development in a case that remains heavily contested, with Russia, Ukraine, the United States, and the United Kingdom all denying involvement.

Nord Stream was a watershed. It demonstrated that undersea infrastructure — previously considered too deep, too dispersed, and too obscure to target — was now a legitimate theater of hybrid warfare. Everything that followed in the Baltic unfolded in its shadow.

The Baltic Campaign: 2023–2026

What distinguishes the Baltic from other regions is the density and pace of incidents. The October 2023 severing of the Balticconnector gas pipeline between Finland and Estonia — attributed to the Chinese-flagged Newnew Polar Bear dragging its anchor across the seabed — marked the first confirmed post-Nord Stream infrastructure attack. Beijing initially denied involvement before acknowledging nearly a year later that the vessel caused the damage, blaming bad weather.

The tempo accelerated sharply in late 2024. On November 17–18, two fiber-optic cables — the BCS East-West Interlink connecting Sweden and Lithuania and the C-Lion1 cable connecting Finland and Germany — were severed within hours of each other, more than 100 nautical miles apart. Investigators identified the Chinese bulk carrier Yi Peng 3, which had departed the Russian port of Ust-Luga days earlier, as the prime suspect. Maritime tracking data placed the vessel at the exact time and location of both breaches. A month-long diplomatic standoff followed before China allowed representatives from Germany, Sweden, Finland, and Denmark to board the ship. A Swedish inquiry later found no conclusive evidence of deliberate action.

On Christmas Day 2024, the Cook Islands-registered tanker Eagle S — identified as part of Russia’s shadow fleet — dragged its anchor for over 50 miles across the Gulf of Finland, severing the Estlink 2 power cable between Finland and Estonia along with four telecommunications lines. Finland’s response was unprecedented: special forces boarded the vessel by helicopter in the first such military boarding since World War II. The ship was seized, crew members were placed under travel bans, and a criminal investigation was launched. However, in October 2025, a Finnish court dismissed the case, ruling prosecutors had failed to prove intent and that jurisdiction properly belonged to the ship’s flag state — exposing a critical gap in maritime law.

The incidents continued into 2025 and 2026. In January 2025, Sweden seized the Maltese-flagged Vezhen on suspicion of damaging a cable between Latvia and the island of Gotland — but prosecutors later ruled the breach accidental and released the vessel. On December 31, 2025, Finnish authorities seized the Fitburg, a cargo vessel sailing from Russia to Israel, after it was caught dragging its anchor across a Helsinki-Tallinn telecommunications cable. Investigators found drag marks stretching tens of kilometers along the seabed. Five days later, Latvian police boarded another vessel suspected of damaging a cable between Lithuania and Latvia. As of early 2026, the pattern shows no sign of abating.

Beyond the Baltic

While the Baltic has absorbed the most concentrated wave of incidents, the threat to undersea infrastructure is global. In early 2025, undersea communication cables connecting Taiwan to the international internet were severed, causing significant connectivity disruptions amid heightened cross-strait tensions. The Jamestown Foundation documented evidence of possible Sino-Russian collaboration, identifying the Chinese-crewed Shunxing-39 north of Taiwan and the Russian-operated Vasili Shukshin loitering near Taiwan’s cable landing stations for weeks in patterns inconsistent with commercial shipping. In the Mediterranean, cable cuts disrupted communications between Europe, the Middle East, and India as early as 2008, while Egyptian authorities arrested divers for cutting cables near Alexandria in 2013 — demonstrating that low-tech sabotage requires neither state backing nor sophisticated equipment.

Tactics, Techniques, and Procedures

The methods used in undersea sabotage fall into a narrow tactical range, but that simplicity is part of what makes them effective. The most common technique — and the hardest to prosecute — is deliberate anchor dragging, in which a vessel lowers its anchor while transiting over known cable or pipeline routes. The damage can be catastrophic while the act itself appears accidental, giving the perpetrator plausible deniability. The shallow average depth of the Baltic (roughly 180 feet) makes this tactic particularly viable, as cables sit closer to the surface than in deep-ocean environments.

Transponder manipulation compounds the attribution problem. Vessels involved in suspected incidents frequently disable their AIS transponders or carry dual systems to obscure their true positions. The Yi Peng 3 was tracked through independent maritime analysis after its AIS data proved inconsistent with its actual course. The use of dual-use commercial vessels — aging tankers, bulk carriers, and cargo ships that serve legitimate commercial functions while doubling as instruments of disruption — blurs the line between civilian shipping and hybrid warfare operations. These vessels can be directed to transit over sensitive infrastructure without raising immediate suspicion, especially in congested shipping lanes where thousands of vessels pass daily.

The Nord Stream attack stands apart from the anchor-dragging pattern, involving purpose-built underwater explosives placed with precision — a capability that points to state-level resources. The distinction matters: while anchor dragging operates in a legal and evidentiary gray zone, the use of explosives against international energy infrastructure constitutes an unambiguous act of covert aggression.

The Shadow Fleet Problem

Many of the vessels implicated in Baltic cable incidents belong to what analysts call Russia’s “shadow fleet” — a flotilla of more than 400 aging tankers assembled since 2022 to circumvent Western sanctions on Russian oil exports. These vessels operate under opaque ownership structures, frequently change names and flag registrations, and rely on non-Western insurance, making them difficult to track and nearly impossible to regulate through conventional maritime enforcement. More than 60 percent of Russian seaborne crude exports transit the Baltic.

The dual threat is significant. Even when shadow fleet vessels are not deliberately targeting infrastructure, their poor maintenance, inexperienced crews, and negligent seamanship create ongoing risk. Some European and American intelligence officials have assessed that several cable breaks were likely accidental — the result of badly maintained anchoring equipment on substandard ships, not coordinated sabotage. But the distinction offers little comfort. As the Bulletin of the Atomic Scientists noted in February 2026, whether the damage is intentional or negligent, the vulnerability is the same, and the response must address both.

International pressure has produced some results. Barbados, Gabon, and the Cook Islands — previously popular flag states for shadow vessels — announced in 2025 that they would de-flag ships sanctioned by Western governments. Estonia preemptively boarded the shadow fleet tanker Jaguar in May 2025 based on its lack of valid flag registration, though the vessel refused to comply and a Russian Su-35 fighter jet briefly violated Estonian airspace in an apparent show of protection. The episode illustrated both the growing willingness of coastal states to act and the escalation risks that accompany enforcement.

NATO and EU Response

The institutional response has evolved rapidly. In January 2025, NATO launched Baltic Sentry, a multinational naval operation deploying warships, patrol aircraft, and naval drones specifically to protect undersea infrastructure in the Baltic. Based at Germany’s CTF Baltic command in Rostock, the operation coordinates allied patrols and real-time monitoring of vessel movements. A NATO official noted that between Baltic Sentry’s launch and the December 2025 Fitburg incident, there were zero confirmed acts of deliberate cable damage — though the Fitburg seizure demonstrated the limits of deterrence against determined or negligent actors.

Complementing NATO’s military posture, the UK-led Joint Expeditionary Force activated Nordic Warden in January 2025 — an AI-powered system that analyzes AIS data and other maritime intelligence to calculate threat scores for every vessel entering the Baltic. The system was integrated into CTF Baltic’s operations. Meanwhile, NATO scientists developed MAINSAIL, a sensor and AI platform that tracks more than 100,000 vessels globally and alerts operators to anomalous behavior near undersea infrastructure.

The European Union has pursued a parallel track. In February 2025, the European Commission released an Action Plan on Cable Security focused on prevention, detection, response, recovery, and deterrence — a framework intended to run through 2026. Finland announced in January 2026 that it would establish a new maritime surveillance mechanism in cooperation with other Baltic states, including shared surveillance hubs for exchanging threat assessments and real-time intelligence. These measures reflect a broader recognition that undersea infrastructure protection cannot be treated as a purely military problem — it requires integration across civilian agencies, private cable operators, international law enforcement, and intelligence services.

The Legal Gap

The Eagle S case exposed the most critical weakness in the current response framework: the law hasn’t kept pace with the threat. Finland’s court dismissed the prosecution not because the evidence was insufficient, but because jurisdiction over negligent seamanship belongs to the ship’s flag state (the Cook Islands) and the crew’s home countries (Georgia and India) — neither of which has incentive or capacity to pursue the case. International freedom of navigation under UNCLOS further constrains what coastal states can do to intercept or inspect vessels in their exclusive economic zones, even when those vessels are actively damaging infrastructure.

The 1884 Convention for the Protection of Submarine Telegraph Cables remains technically in force but was drafted for an era of single telegraph wires, not fiber-optic networks carrying 97 percent of global internet traffic. Legal scholars and NATO officials have called for modernization of international maritime law to explicitly classify deliberate destruction of undersea infrastructure as a violation of international peace and security — but consensus among the UN membership remains far off. In the interim, coastal states are improvising. Finland’s forcible boarding of the Eagle S and seizure of the Fitburg represent a more assertive interpretation of existing maritime authority, one that other Baltic nations may increasingly follow.

Implications

The undersea sabotage campaign — whether coordinated or opportunistic — has already reshaped European security calculations. It has forced NATO to treat the seabed as an operational domain alongside land, sea, air, space, and cyber. It has accelerated investment in cable redundancy, alternative routing, and rapid repair capabilities. And it has exposed an uncomfortable truth: the infrastructure that sustains modern economies was designed for a world where the seabed was considered unreachable and untouchable. That assumption no longer holds.

New vulnerabilities are emerging alongside old ones. Offshore wind farms and subsea power connectors — the backbone of Europe’s green energy transition — present an expanding target set. The interdependence of satellite and undersea communication networks introduces dual vulnerabilities that a coordinated attacker could exploit simultaneously. And as cable operators expand into the Arctic, the high north opens a new theater where monitoring is sparse and response times are measured in days, not hours.

For now, the Baltic remains the proving ground. The question is no longer whether undersea infrastructure is vulnerable — that has been demonstrated repeatedly. The question is whether the legal, military, and technological response can evolve fast enough to close the gap before the next cable goes dark.