Russian cyber-attacks against NATO states surged 25% over the past year, according to Microsoft's annual digital defence report. The data reveals a deliberate focus on government institutions across alliance members, part of a broader pattern of hybrid escalation that now spans digital intrusions, drone incursions, and airspace violations.
Microsoft's latest digital defence report landed recently, and the headline number is hard to ignore. Russian cyber-attacks against NATO states jumped 25% over the past year. This is not random noise. Nine of the top 10 countries most affected by Russian state cyber-activity were NATO members. Ukraine was the only non-NATO country in that top 10. The targeting is deliberate, concentrated, and clearly aligned with Russia's strategic priorities.
The Numbers Behind the 25% Surge
The country-level breakdown tells a clear story. The US absorbed the largest share, hit with 20% of all recorded attacks. The UK came in second at 12%, followed by Ukraine at 11%. Microsoft declined to give exact details beyond those top three, so the full picture of the remaining countries is incomplete. But the pattern is evident. Russia is pouring resources into penetrating NATO networks, and the US and UK are bearing the brunt.
The sector targeting is just as revealing. Government systems took the top spot, accounting for a quarter of all attacks. Research and academia ranked second, while thinktanks and non-governmental organisations placed third. Amy Hogan-Burney, a vice-president for cybersecurity policy at Microsoft, noted that Russia is using its highly active cybercriminal community to carry out these aims. That means the attacks are not just coming from state-run units. Russia is tapping its domestic criminal ecosystem as a force multiplier.
Cyber Is Only Half the Story
The cyber data does not exist in a vacuum. Look at what has been happening physically across NATO's eastern flank over the same period. Russian drones have crossed into Polish airspace, unidentified drones have forced the closure of airports in Denmark, and NATO has intercepted Russian fighter jets that violated Estonian airspace over the Baltic Sea.
Jamie MacColl, a senior research fellow at RUSI, frames this as part of a single strategy. There has been a general uptick in Russian covert, and sometimes overt, action against NATO member states over the past 12 months. The cyber operations are not separate from the drone flights or the jet incursions. They are all threads of the same approach.
What the Pattern Reveals About Russian Strategy
The combination of digital and physical probing points to a calculated testing of NATO's boundaries. The cyber-attacks hit government institutions and thinktanks, the exact places where policy is shaped and alliance decisions are made. The drone incursions and airspace violations test military response times and political willingness to react. Neither tactic alone tells the full story. Together, they show Russia probing for weaknesses across multiple domains simultaneously.
The fact that nine of the top 10 targeted countries are NATO members removes any ambiguity about intent. Ukraine remains in the crosshairs, but the weight of Russian cyber activity has clearly shifted toward the alliance itself. The question is not whether this escalation is intentional. The question is what NATO does about it.
What Comes Next
Microsoft expects cyber activity to continue across NATO-based areas. A former head of MI5, Eliza Manningham-Buller, recently warned that the UK may already be at war with Russia given the intensity of cyber-attacks and other hostile activity directed at the country. That framing, from someone who once led the UK's domestic spy agency, is striking.
For NATO as a whole, the challenge is response. Hybrid tactics are designed to sit in a grey zone between peace and war, making it harder for alliance members to agree on what constitutes an act of aggression worthy of a collective response. The data from Microsoft makes one thing clear: the escalation is not slowing down. How NATO chooses to answer that escalation will shape the security landscape for years to come.