ATO’s 76th summit, which will be held June 24-25, 2025, in The Hague, Netherlands, comes at a time as the alliance’s member countries grapple with a rapidly changing global security dynamic. Russia continues to press on with its war campaign in Ukraine despite efforts to achieve a cease fire. Deep questions remain over the U.S. military commitment to Ukraine and if the U.S. would assist Europe if a conflict surfaced as required under Article 5 of NATO’s founding treaty. Israel undertook bombing strikes against Iran on the pretence that Iran was edging close to building viable nuclear weapons, which was followed by U.S. airstrikes. Since the previous summit, the leaders of European NATO countries have shown a dramatic change in rhetoric regarding the need to take on greater responsibility for security on the European continent, particularly as it pertains to increases in defense spending and military assistance to Ukraine. With an anticipated ambitious agenda, evidence of a clear rift in transatlantic relations and the alliance’s global super power distracted with other priorities, the summit could be hampered by disruption and division. This environment is ripe for cyber threats, prompting NATO member states to be on the look out for activity that could impact critical infrastructure entities. These threats could come from ideological and politically motivated attackers, who may seek to draw attention through distributed denial-of-service (DDoS) attacks, data leaks and website defacements affecting NATO nations. This blog, which draws on Intel 471’s Cyber Geopolitical Intelligence, will outline the issues at hand at the summit, the challenges facing NATO and look at the possible cyber threats.
No longer a neutral state, Sweden is now facing a wave of cyberattacks targeting key institutions.
Sweden is under attack, Prime Minister Ulf Kristersson said on Wednesday, following three days of disruptions targeting public broadcaster SVT and other key institutions.
"We are exposed to enormous cyberattacks. Those on SVT have now been recognised, but banks and Bank-id have also been affected," Kristersson told journalists in parliament.
The attacks have been identified as Distributed Denial-of-Service (DDoS) events and disrupted services, raising concerns about the resilience of Sweden’s digital infrastructure.
While Kristersson did not name a specific perpetrator, he referred to earlier reports by the Swedish Security Service, which has identified Russia, China, and Iran as frequent actors behind such cyber operations.
The incidents have heightened concerns about vulnerabilities in Sweden’s cybersecurity systems and underscored the growing threat to critical infrastructure in one of the world’s most connected nations, where over 93% of households have internet access.
Cybersecurity experts have warned that such breaches could escalate, impacting not just digital services, but also public trust.
The attacks come amid heightened geopolitical tensions. Sweden's recent accession to NATO and its support for Ukraine have likely made it a more prominent target for cyberattacks, including those originating from hostile states.
Previously known for its military neutrality, Sweden now faces what Kristersson described earlier this year as a "new and more dangerous reality" since joining NATO in 2024.
As part of its pledge to meeting NATO's 2% of GDP defence spending target, the Swedish government has committed to invest heavily in cybersecurity and military capabilities.
Russia and other hostile states have become increasingly brazen in adopting “gray zone” attacks against Europe and the United States, leaving defense officials with a dilemma: How to respond?
An undersea cable breach would reroute to satellites
The center, called the NATO Integrated Cyber Defense Center, will have multiple locations, but will be headquartered in Mons, Belgium.
The NATO Integrated Cyber Defense Center will “enhance network protection, situational awareness and the implementation of cyberspace as an operational domain,” the alliance said.
The NATO Integrated Cyber Defence Centre (NICC) will enhance the protection of NATO and Allied networks and the use of cyberspace as an operational domain. The Centre will inform NATO military commanders on possible threats and vulnerabilities in cyberspace, including privately-owned civilian critical infrastructures necessary to support military activities.
Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.
Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.
NoName057(16) relies heavily on HTTPS application-layer DDoS attacks, with many attacks repeatedly sourced from the same attack harness, networks, and targeting similar countries and industries.
Tallinn, Estonia – From 18 to 21 April, the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) is hosting Locked Shields 2023, the world’s largest live-fire cyber defense exercise. Over 3,000 participants from 38 nations are taking part in the exercise, which involves protecting real computer systems from real-time attacks and simulating tactical and strategic decisions in critical situations.
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Google Translate
Portuguese NATO documents caught for sale on the darkweb
The extent of the damage is still being investigated by the National Security Office, but suspicions of the breach of security that facilitated the exfiltration of secret NATO documents fall on EMGFA, secret military and MDN computers.
The hacker group Killnet claimed the attacks against Italy. How it's possible to detect the activities of the Mirai botnet used through Falco
