The risk of Russia- and China-backed attacks on undersea cables carrying international internet traffic is likely to rise amid a spate of incidents in the Baltic Sea and around Taiwan, according to a report.
Submarine cables account for 99% of the world’s intercontinental data traffic and have been affected by incidents with suspected state support over the past 18 months.
Analysis by Recorded Future, a US cybersecurity company, singled out nine incidents in the Baltic Sea and off the coast of Taiwan in 2024 and 2025 as a harbinger for further disruptive activity.
The report said that while genuine accidents remained likely to cause most undersea cable disruption, the Baltic and Taiwanese incidents pointed to increased malicious activity from Russia and China.
“Campaigns attributed to Russia in the North Atlantic-Baltic region and China in the western Pacific are likely to increase in frequency as tensions rise,” the company said.
Incidents flagged by the report included the severing of two submarine cables between Lithuania and Sweden in the Baltic Sea last November, which investigators blamed on an anchor dragged by a Chinese vessel. In December a ship carrying Russian oil was seized after it severed cables between Finland and Estonia.
Incidents around Taiwan over the past 18 months include a Chinese-crewed freighter cutting cables between the island and its outlying Penghu Islands in February by repeatedly manoeuvring in a zigzag pattern over the cables. The previous month, a Chinese-owned cargo ship was cited as the likely cause of damage to a Taiwan-US cable.
The report said: “While it is difficult to definitively attribute recent incidents in the Baltic Sea and around Taiwan to state-sponsored sabotage, such operations align with both Russia and China’s strategic objectives, recently observed activities, and current deep-sea capabilities.”
Recorded Future said a successful attack on multiple cables – which would cause prolonged disruption – would have to occur in deeper waters and would “very likely involve state-sponsored threat actors, due to the difficulty of accessing these sites”. Such an operation would probably take place before outright conflict, the report said.
Recorded Future identified 44 cable damages over the past 18 months, a quarter caused by “anchor dragging” and nearly a third by “unknown causes”, with seismic activity or natural phenomena causing 16% of the incidents.
An undersea cable being laid in the Baltic Sea. Analysts say targeting these cables can be an attractive tactic because the damage can be passed off as an accident. Photograph: Lehtikuva/Reuters
Analysts added that damaging subsea cables could be an attractive tactic because it allowed states to target adversaries’ infrastructure via an unsophisticated method that could be passed off as an accident or be carried out by vessels without direct links to the attacks’ suspected sponsor.
Recorded Future said improved monitoring of cables and security measures around subsea infrastructure, as well as comprehensive stress tests, would help prevent an incident damaging multiple cables and causing “prolonged connectivity issues”.
Despite the high-profile Baltic and Taiwan incidents, the three most disruptive incidents were elsewhere: in the Red Sea in February last year when a Houthi missile caused a ship’s anchor to hit cables – leading to “significant impact on communication networks in the Middle East”; in west Africa a month later due to an underwater rock slide; and off the coast of South Africa in May 2024 due to a cable-dragging incident.
Recorded Future said the impact of the Red Sea and Africa incidents showed that the most prolonged disruption happened in areas with limited availability of alternative cables and a shortage of repair expertise regardless of the cause of the disruption.
Conversely, two attacks in the Baltic Sea in November last year had minimal impact due to spare capacity and Europe’s resilient internet infrastructure. However, the report said three EU island member states – Malta, Cyprus and Ireland – were more vulnerable due to their reliance on submarine cables for international communications.
The UK government’s recent strategic defence review acknowledged the potential threat to the country’s subsea cabling and recommended that the Royal Navy takes a “new leading and coordinating role in securing undersea pipelines, cables, and maritime traffic carrying the information, energy, and goods upon which national life depends”.
