Jun 22, 2026

Why the Baltic Sea Has Become the Epicentre of Undersea Cable Sabotage

AUTHOR

James A. Wondrasek

Ninety-nine percent of the world’s intercontinental data travels through fibre-optic cables the diameter of a garden hose, laid on the seabed and unguarded. Since 2022, the Baltic Sea has become the place those cables get severed with striking regularity — part of what has become the emerging front of geopolitical infrastructure warfare. Seven of about ten Baltic incidents occurred between November 2024 and January 2025. Here is why.

What undersea cable incidents have occurred in the Baltic Sea since 2023?

In October 2023, the Balticconnector pipeline and a data cable between Finland and Estonia were damaged after the Newnew Polar Bear dragged its anchor 100 nautical miles.

On 17 November 2024, BCS East-West Interlink was cut, taking out a fifth of Lithuania’s internet capacity. C-Lion1 was severed the next day. The Yi Peng 3 from Ust-Luga was over both routes. On Christmas Day, the Eagle S dragged 62 nautical miles, severing EstLink 2 and four data cables. Finnish authorities found transmitting gear aboard. In December 2025 the Fitburg left a 10-kilometre scar. In January 2026 a vessel sailed over an inactive cable before turning toward BCS East.

Median anchor-drag exceeds 60 kilometres. One incident could be chance. Seven in three months, shadow-fleet vessels each time, is not. So why now?

Why are undersea cables being systematically targeted now?

More than 500 cables carry 99% of intercontinental data. The Nord Stream sabotage in September 2022 was the opening. Russia has since turned to grey-zone tactics, operating below armed conflict to avoid NATO Article 5. Cable sabotage damages while preserving deniability, alongside GPS jamming, drone incursions, arson, and cyber operations. The Red Sea cuts at Bab el-Mandeb severed four cables in early 2024. Narrow corridors where density and tension overlap are vulnerable. The Baltic is the most concentrated. What makes it so exposed?

Why is the Baltic Sea specifically so vulnerable to cable sabotage?

The Baltic’s average depth is 55 metres. In deeper seas, cutting a cable requires submersibles. Here, a standard anchor reaches any cable. Chokepoints compound this: only three Danish Strait passages force roughly 4,000 vessels daily into constrained routes. More than 35 submarine cables share the seabed with pipelines, interconnectors, and wind cables. The Gulf of Finland concentrates the risk: Helsinki-Tallinn cables and EstLink run in parallel, with Russian ports hours away. Then there is the law. Cables transit EEZs, territorial seas, and international waters. The Eagle S case was dismissed in October 2025 because the damage occurred in Finland’s EEZ, not territorial waters. Geography makes attacks simple. Law makes prosecution unreachable. Exploiting both is Russia’s fleet.

How does Russia’s shadow fleet enable undersea cable sabotage?

Russia’s shadow fleet comprises roughly 600 vessels with opaque registration. Cook Islands flags, AIS spoofed or disabled, shell-company ownership — these are what cable sabotage uses to remain between accident and act of war. At least 50 Russian-linked ships have operated without AIS. The Eagle S (see above) flew a Cook Islands flag and was registered in the UAE. The captain was instructed via radio to destroy cable charts. The Fitburg carried sanctioned Russian steel. Both were detained. Neither detention reached Moscow. Catching the ship isn’t proving who sent it.

How do you assess whether an undersea cable incident was accidental or deliberate sabotage?

Three indicators matter. First, anchor-drag: accidental marks are metres; the Yi Peng 3 dragged roughly 300 kilometres. Second, AIS: disabling transponders near cables and reappearing past the route is inconsistent with innocent passage. The January 2026 Liepāja incident showed a vessel sailing over an inactive cable before turning toward the active one. Third, provenance: Russian port departures, Cook Islands flags, shell companies, sanctions evasion shift probability from accident toward sabotage. The prosecution gap remains wide. If attacks cannot be deterred, what happens next?
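
The second indicator (a transponder going silent near a cable and reappearing past the route) can be checked mechanically against AIS position reports. The Python below is an added example, not part of the original article; the cable route, the three vessel tracks and the 30-minute silence threshold are constructed assumptions.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Fix:
    t: int        # report time in seconds (constructed)
    lat: float
    lon: float

def haversine_km(a: Fix, b: Fix) -> float:
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def _orient(p, q, r):
    # Sign tells which side of line p->q the point r lies on (planar lon/lat,
    # adequate over the tens of kilometres involved here).
    return (q[0] - p[0]) * (r[1] - p[1]) - (q[1] - p[1]) * (r[0] - p[0])

def segments_cross(p1, p2, q1, q2) -> bool:
    return (_orient(q1, q2, p1) * _orient(q1, q2, p2) < 0
            and _orient(p1, p2, q1) * _orient(p1, p2, q2) < 0)

def dark_crossings(track, cable, max_gap_s=1800):
    """AIS silences longer than max_gap_s whose endpoints straddle the cable."""
    fixes = sorted(track, key=lambda f: f.t)
    hits = []
    for a, b in zip(fixes, fixes[1:]):
        if b.t - a.t <= max_gap_s:
            continue  # vessel kept reporting; nothing hidden on this leg
        leg = ((a.lon, a.lat), (b.lon, b.lat))
        if any(segments_cross(*leg, c1, c2) for c1, c2 in zip(cable, cable[1:])):
            hits.append({"last_seen": a.t, "reappeared": b.t,
                         "silent_h": round((b.t - a.t) / 3600, 1),
                         "km_unobserved": round(haversine_km(a, b), 1)})
    return hits

# Constructed data: a made-up cable route as (lon, lat) vertices and three tracks.
CABLE = [(24.9, 60.1), (24.8, 59.5)]
SUSPECT = [Fix(0, 59.8, 25.6), Fix(600, 59.8, 25.4), Fix(1200, 59.8, 25.2),
           Fix(12000, 59.8, 24.4), Fix(12600, 59.8, 24.2)]   # 3 h silence over the route
REPORTING = [Fix(i * 600, 59.8, 25.6 - 0.1 * i) for i in range(15)]  # crosses, never silent
ELSEWHERE = [Fix(0, 59.8, 24.0), Fix(10800, 59.8, 23.2)]     # silent, but west of the cable

if __name__ == "__main__":
    for name, trk in (("suspect", SUSPECT), ("reporting", REPORTING), ("elsewhere", ELSEWHERE)):
        print(name, dark_crossings(trk, CABLE))
```

Only the first track is flagged: a vessel that crosses while reporting, or goes silent away from the route, produces no hit, which is why the check is a triage signal to combine with the drag-length and provenance indicators rather than a verdict.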

How long does it take to repair a damaged undersea cable?

Optical time domain reflectometry locates the break. A repair vessel is mobilised from roughly 75 ships. Grapnel hooks retrieve the segment; replacement sections are spliced, each joint up to 16 hours. Restoration takes at least 14 days; the global median is 40. A new vessel costs over €50 million, and the market is sized for routine faults. Redundancy helps: well-connected states reroute instantly. The EU’s €347 million subsea package is a start, not a fix.

What are cable landing stations and why are they considered the weakest physical nodes?

Cable landing stations connect submarine cables to terrestrial networks. They are unremarkable coastal buildings in Helsinki, Stockholm, Tallinn, and Liepāja. One station terminates multiple cables, so ground-level access can sever several connections. Physical security is the cable owner’s responsibility, not the state’s, and most lack hardened perimeters. The January 2026 Liepāja incident, where the suspect vessel docked next to the damaged station, shows how port proximity blurs maritime and shore-based vulnerability. The seabed gets the attention. The shore may be next.

The Baltic became the epicentre because its geography, Russia’s fleet, and the region’s legal architecture form a self-reinforcing system. Shallow water makes attacks simple. Spoofed transponders and shell companies make them unattributable. A patchwork of jurisdictions makes prosecution unreachable. The incidents are not scattered accidents. They are a strategy. This article has examined why the Baltic is uniquely exposed; the broader strategic context of undersea cable security reveals how this vulnerability fits into a global pattern of infrastructure warfare. And geography is only the starting point: the vessels and methods driving the Baltic’s attack surge are the next piece of the puzzle.

Frequently Asked Questions

What actually happens to internet traffic when a Baltic cable is severed?

Internet traffic does not stop; it reroutes. Modern cable networks are built as meshes, so when a cable like C-Lion1 between Finland and Germany is cut, data automatically shifts to alternative routes across Sweden, Denmark, or Poland. This occurs in milliseconds. Baltic nations with fewer backup cables experience slower speeds and higher latency during repairs, but connectivity is not lost entirely.

Can the internet survive without undersea cables? Don’t satellites handle most traffic?

No, satellites carry less than one percent of intercontinental data. Undersea cables move approximately 99 percent of all international internet traffic, including financial transactions, diplomatic communications, and everyday browsing. Satellites serve remote regions and broadcast applications, but their bandwidth is a tiny fraction of a fibre-optic cable’s capacity. The global internet is a seabed network, not a space-based one.

Has NATO ever treated a cable cut as an Article 5 attack?

No. NATO has never invoked Article 5, its collective defence clause, in response to undersea cable sabotage. The alliance’s January 2025 Baltic Sentry mission represents a step change: increased naval patrols, surveillance drones, and a dedicated maritime watch. However, the ambiguous nature of grey-zone attacks, designed to fall below the threshold of armed conflict, has so far kept Article 5 off the table.

Who owns the undersea cables in the Baltic Sea, and who is responsible for protecting them?

Almost all Baltic undersea cables are privately owned, typically by telecommunications consortiums and specialist cable operators such as Arelion, Cinia, and Elisa Corporation. Governments do not own them, and protection is overwhelmingly the cable owner’s financial responsibility. This creates a structural gap: the operator bears the repair cost, while the state bears the strategic consequence of lost connectivity.

Why can’t cables simply be buried deeper in the seabed to prevent anchor damage?

Cable burial is possible but not a complete solution. Standard ploughs trench cables one to two metres into soft sediment, which protects against fishing gear but not a multi-tonne ship anchor dragged for kilometres. In the Baltic’s hard glacial seabed, burial is technically difficult and expensive. Even buried cables are vulnerable when anchors penetrate deeper than the trench or when the cable crosses bedrock where trenching is impossible.

Is the Baltic the only region facing this threat, or are other parts of the world also at risk?

The Baltic is the most active theatre but not the only one. The February 2024 Red Sea cable cuts at the Bab el-Mandeb chokepoint severed multiple cables connecting Europe to Asia, demonstrating that any narrow maritime corridor where cable density and geopolitical tension overlap is vulnerable. The South China Sea, the Strait of Malacca, and waters around Taiwan are assessed as high-risk zones with similar geographic and strategic profiles.

What is the economic cost of a single undersea cable cut?

A single cable repair typically costs between one and three million euros, but the indirect economic cost is far larger. Financial markets rely on cable routes for low-latency transactions, and even brief rerouting adds milliseconds that algorithmic trading systems cannot tolerate. For a cable serving multiple nations, the disruption to banking, cloud services, and enterprise connectivity can accrue losses in the tens of millions daily.

Can cable damage be detected in real time before the anchor has finished dragging?

Not with standard monitoring. Most cable operators detect a break only after the optical signal is lost, triggering an optical time domain reflectometry scan to locate the fault. Distributed acoustic sensing (DAS) technology can theoretically detect the sound of an approaching anchor while it is still dragging, but DAS is not widely deployed on Baltic cables. Current detection is reactive, not preventative.

What is actually being done right now to stop further sabotage?

The primary response is NATO’s Baltic Sentry mission, launched in January 2025, which deploys frigates, patrol aircraft, and naval drones to monitor cable corridors. The EU has committed 347 million euros to subsea infrastructure resilience for 2026 to 2027, including a 20 million euro rapid repair pilot. Finland and Sweden have also tightened port inspection regimes, particularly for vessels departing from Russian ports with shadow-fleet characteristics.

Are fishing trawlers ever involved in cable damage, or is it always shadow-fleet vessels?

Fishing trawlers do damage cables accidentally, particularly in shallow waters where bottom trawling overlaps with cable routes, and such incidents have been recorded for decades. The Baltic’s recent sabotage cluster is distinguished by extreme anchor-drag distances exceeding 60 kilometres and systematic AIS manipulation, neither of which is consistent with fishing activity. Accidental trawler damage and deliberate anchor sabotage are operationally distinct.

What would it take to prove Russia is behind these attacks?

Proving state direction requires evidence of a direct order, official knowledge, or operational control, which is almost impossible to obtain without intelligence penetration or a defector. Even when a vessel is caught in the act, as with the Eagle S, ownership layering through shell companies and opaque flag registrations severs the legal chain to Moscow. Attribution under criminal standards of proof remains the central unsolved problem.

What happens if multiple Baltic cables are cut simultaneously?

A coordinated multi-cable attack would be significantly more disruptive than a single cut. While well-meshed nations such as Germany and Sweden would retain connectivity, Estonia, Finland, and Latvia, which have fewer alternative routes across the Gulf of Finland and the eastern Baltic, could experience meaningful internet degradation. Simultaneous cuts to power interconnectors like EstLink would compound the impact by affecting electricity supply.
