Source: NATO
1. We strongly condemn Russia’s malicious cyber activities, which constitute a threat to Allied security. We stand in solidarity and recognise that Estonia, France, the United Kingdom and the United States have recently attributed malicious cyber activity targeting several NATO Allies and Ukraine to Russia’s military intelligence service (GRU). We recall that in 2024, Germany and the Czech Republic individually attributed activity to APT 28, which is sponsored by the GRU. We also note with concern that the same threat actor targeted other national governmental entities, critical infrastructure operators and other entities across the Alliance, including in Romania. These attributions and the continuous targeting of our critical infrastructure, with the harmful impacts caused across several sectors, illustrate the extent to which cyber and wider hybrid threats have become important tools in Russia’s ongoing campaign to destabilise NATO Allies and in Russia’s brutal and unprovoked war of aggression against Ukraine.
2. We call on Russia to stop its destabilising cyber and hybrid activities. These activities demonstrate Russia’s disregard for the United Nations framework for responsible state behaviour in cyberspace, which Russia claims to uphold. Russia’s actions will not deter Allies’ support to Ukraine, including cyber assistance through the Tallinn Mechanism and IT capability coalition. We will continue to use the lessons learned from the war against Ukraine in countering Russian malicious cyber activity.
3. NATO stands for a free, open, peaceful and secure cyberspace. We call on all States, including Russia, to uphold their international obligations, also when acting in cyberspace, and to act consistently with the framework for responsible state behaviour in cyberspace as affirmed by all members of the United Nations.
4. We remain united in our determination to counter, constrain, and contest Russian malicious cyber activities and are investing in our defences; including through the establishment of the NATO Integrated Cyber Defence Centre and upholding our Cyber Defence Pledge commitments as well as through the commitments made in the Hague Summit Declaration.
5. We are determined to employ the full range of capabilities in order to deter, defend against and counter the full spectrum of cyber threats. We will respond to these at a time and in a manner of our choosing, in accordance with international law, and in coordination with our international partners including the EU.