The cyber threat landscape in light of the Nord Stream pipeline sabotage

On September 26th and 27th 2022 the Nord Stream pipeline, running from Russia to Germany under the Baltic Sea, was deliberately sabotaged according to authorities using several hundred kilos of explosives. No one has claimed responsibility for the attack nor has any clear evidence been presented to put light on who could be behind the act. However everything indicates that the attack is linked to the ongoing war between Russia and Ukraine, and is part of an ongoing Russian escalation.

Russia and Ukraine have been at de facto war since 2014 and in that conflict in particular Russia has been using digital misinformation, manipulation and cyberattacks as weapons. This has happened through a large number of denial-of-service attacks, advanced attacks on critical infrastructure and destructive attacks. In 2017 that also affected Maersk in Denmark in the well-known NotPetya attack. In connection with the invasion of Ukraine on February 24th 2022, Russia carried out a large number of cyberattacks on Ukrainian targets. The American satellite Internet provider Viasat was victim to an attack that, in addition to customers in Ukraine, also affected a large number of customers across Europe.

Currently it is unconfirmed who was behind the sabotage of the North Stream pipeline but based on the current situation, Russia seems like the most likely perpetrator. Currently Russia is losing the war and they are therefore willing to sacrifice almost anything to turn the prospect of losing. Some has also been speculating that USA or Ukraine might be the perpetrator, with the motive being to permanently stop Europe from buying Russian natural gas. Though, for both USA and Ukraine the risk by being exposed conducting such an attack is simply too high, as this could turn Germany and public opinion against supporting Ukraine. Other suggests that environmental activist fighting greenhouse gas emissions could be possible perpetrators. However, these groups do not have the capabilities needed to blow up an underwater pipeline and also they would have claimed responsibility to get attention.

“The likelihood of serious potential (targeted) cyberattacks being carried out must be assessed to be higher than before the sabotage.”

Jacob Herbst, CTO and Partner, Dubex

The sabotage of the Nord Stream pipelines should serve as a warning from Russia. The fact that valuable physical energy infrastructure is actually being sabotaged and destroyed should be seen as an indication that the threshold for attacks in general has been significantly lowered. In addition to this, the likelihood of serious potential (targeted) cyberattacks being carried out must be assessed to be higher than before the sabotage. Since the North Stream pipelines was not in current operation, the attack should be seen as a clear warning about the capabilities and determination that Russia possesses. Like the previous disruptions to gas supply, drone observations at oil rigs, this should probably be seen as yet another tool Russia is using, in an attempt to pressure the rest of Europe to drop aid to Ukraine.

When Russia most likely keeps losing on the battlefield, the threshold for attacks will likely be lowered even further, the sabotage show us that Russia is willing to take on violent and extreme methods to win. Recently, there have been warnings from the Ukrainian intelligence service about destructive cyberattacks aimed against Ukraine and the West, just as there are signs of closer cooperation between the Russian intelligence services and cybercriminals.

“In general, Danish companies and organizations are facing a significantly more challenging threat landscape than previously seen.”

Jacob Herbst, CTO and Partner, Dubex


Cybersecurity has been highly prioritized on the agenda since before the start of the Russian invasion of Ukraine and the rising tensions entails that the risk of serious cyberattacks – as part of a hybrid war – must be included in the threat landscape as a likely scenario. In general, Danish companies and organizations are facing a significantly more challenging threat landscape than previously seen.

Most likely such attacks will initially target against the energy sector and, secondarily, the financial sector and possibly the telecommunications sector – i.e. sectors if affected by attacks, will have serious impact and major consequences for many ordinary citizens. However, there is also a quite high risk of “spill-over” effects to other sectors – both in the form of direct attacks and consequential damage due to destructive cyberattacks or malware. It is a possibility that cyberattacks will be used in combination with sabotage against physical infrastructure to maximize the impact.

The current assessment is that these attacks most likely are not imminent as the current time is not optimal in terms of creating the maximum impact. Attacks will most likely come during the worst and coldest weather conditions or around the Christmas holidays. Or in cases the situation on the battlefield in Ukraine worsen significantly for Russia.

The current and urgent recommendation is to pay extra attention to cybersecurity and once more use this as a serious warning to ensure that one’s security level is as it should be. Be aware and ask yourself the important questions: Are you prepared for an attack? What is the procedure if something hits you and you company?

Jacob Herbst will have a presentation about the current threat landscape on our webinar November 2nd 2022. He will be assisted by Peter Sindt, Professional Services Manager who will talk about how to react when a attack hits.

Read more and signup here.

Jacob Herbst
Jacob Herbst

Learn more about this subject or how we can support your business:

Christian Jul Jensen

Chief Sales & Marketing Officer
+45 3070 2557

Address tomorrow’s challenge, today.

Talk to an expert about how we can secure your business