Russia Tests European Resolve

Welcome to the Audere Atlas, the Audere Group’s fortnightly update on global geopolitical trends, how we engage with them, and what they mean for your organisation.

This week we examine recent Russian provocations and aerial incursions into European airspace, and how these fit into a larger pattern of sabotage operations aimed at testing NATO unity and intimidating European citizens. The asymmetric attacks have threatened civilian targets as freely, if not more, than military ones, highlighting the risk to that this escalating grey zone competition poses to the private sector.

The Audere Atlas offers timely, actionable insights that both support key decision-making and highlight areas for further exploration and understanding.

The Bottom Line

As Russia escalates grey-zone activities in Europe—including NATO’s largest recorded airspace violation—drone incursions, aerial breaches, and undersea espionage are challenging allied cohesion at a time of uncertain US commitment. These actions reveal significant vulnerabilities in Europe’s critical infrastructure, with implications for both national security and business continuity.

The Brief

As Russia’s war in Ukraine grinds into a stalemate, and US President Donald Trump calls on Europe to take on more of its defence burden, the Kremlin has accelerated its grey-zone campaign against Europe. On 9 and 10 September, a swarm of approximately twenty-four Russian drones crossed into Polish airspace. Several penetrated hundreds of kilometres deep into Poland. While none ultimately threatened civilian or military infrastructure, at least five of their flight paths indicated a deliberate targeting of Rzeszów-Jasionka Airport, NATO’s critical logistics hub for Ukraine. The incident, which marked the single largest violation of NATO airspace in the Alliance’s history, was unambiguously described by Prime Minister Donald Tusk as a “large-scale provocation”.

The pattern of escalation did not stop in Poland. Three days later, a Russian-made drone entered Romanian airspace. Then, on 19 September, three Russian MiG-31 fighter jets traversed Estonian airspace, lingering for twelve minutes in what was the most serious such violation in over twenty years. Within the same week, unidentified quadcopter drones appeared over Copenhagen and Oslo airports, forcing the temporary closure of both. In Denmark, sightings spread to Aalborg, Esbjerg, Sønderborg and Skrydstrup airports, as well as the Jutland Dragoon Regiment base. While a concrete connection to Russia remains tobe proven, Danish Defence Minister Troels Lund Poulsen described the campaign as a “systematic hybrid attack,” while Prime Minister Mette Frederiksen called it the most serious threat to Danish critical infrastructure in decades, refusing to rule out foreign involvement.

These incursions highlight a Kremlin strategy of probing defences, identifying vulnerabilities, and spreading insecurity. NATO states are forced to expend costly resources against cheap, often ambiguous provocations. The Polish incursion underlined the cost asymmetry of this new contest. Constructed from plywood and Styrofoam and costing €10-12,000 each, the Russian drones were shot down by Polish and Dutch jets firing air-to-air missiles, costing several hundred thousand dollars. A repetition of such tactics at scale risks depleting allied inventories, not to mention budgets.

In response to the incursions, Poland and Estonia each invoked Article 4 of NATO’s Washington Treaty, triggering urgent consultations among allies. NATO soon announced Operation Eastern Sentry, raising its air policing levels and reinforcing the eastern flank with AWACS, F-16s and Patriot batteries. NATO officials have requested a 400% increase in air andmissile-defence capabilities, and some allies have begun exploring new, in some cases futuristic solutions (these range from air-to-air optimised precision-guided rockets for the Eurofighter Typhoon to directed-energy weapons such as the Apollo high-energy laser). But by increasing the frequency of incidents, Russia seeks to normalise them, eroding public confidence in allied security guarantees. Before this year, NATO had only invoked Article 4 on 7 occasions in its entire history.

^{Figure1: Russian sabotage operations affect the whole of Europe: The Economist}

This dynamic reflects a wider grey-zone playbook that includes GPS jamming across the Baltics, disinformation campaigns, and covert sabotage. A study by the International Institute for Strategic Studies found confirmed incidents of Russian sabotage against European critical infrastructure rose by 246% between 2023 and 2024, much of it directed at maritime and water facilities.

Beyond the air and cyber domains, Russia’s espionage has extended under the sea. The Financial Times recently documented how the Russian vessel Yantar, operated by the secretive GUGI deep-sea directorate, loitered over subsea cables in the Irish Sea, the North Sea and around Svalbard. These cables carry99% of UK digital communications and three-quarters of its gas imports. Western intelligence officials believe Yantar is capable of both tapping and planting explosives on cables, mapping vulnerabilities for potential sabotage in the event of escalation.

The political context has sharpened the risks. US President Donald Trump initially downplayed the Polish drone incident as a possible mistake, but days later urged NATO allies to shoot down intruding Russian aircraft and drones. This rhetorical whiplash creates dangerous ambiguity. Moscow may calculate that Washington is disengaging, and test whether European states will act decisively without a clear American backstop. The precedent of November2015, when Turkiye shot down a Russian Su-24 that briefly crossed its airspace, is a reminder of how quickly a single probe can spiral into crisis.

^{Figure 2: Russian sabotage operations are on the rise: The Economist}

So What?

The surge in Russian hybrid activity is not a security concern for governments alone. It threatens businesses operating across Europe. Drone incursions forced the closure of major airports in Poland, Denmark and Norway, disrupting passenger flows and air freight. Energy and telecommunications networks are exposed to undersea surveillance and potential sabotage. Hospitals, transport networks and utilities face increasing risk from GPS jamming, cyber-attacks, and drone interference.

The implications for critical infrastructure are acute. Airports remain highly vulnerable, since standard radars cannot easily detect small drones and law enforcement is reluctant to shoot them down near populated areas. Subsea cables represent another weak point. A single cable cut can paralyse digital services, financial transactions and cloud operations across an entire region. Pipelines, ports, and energy grids are equally attractive targets, offering Moscow opportunities to cause outsized disruption at low cost.

For corporate leaders, continuity and crisis-preparedness are now board-level responsibilities. The Danish government’s decision to ban all civil drones during European summits in Copenhagen demonstrates how quickly authorities can impose sweeping restrictions with economic consequences. Firms must plan for operational interruptions even far from NATO’s front line.

Audere Group is uniquely positioned to support clients in preventing exposure. Supply chain investigations can uncover vulnerabilities in critical systems, while our analysis of grey-zone tactics can support scenario planning to anticipate and prepare for escalation. Security risk management and crisis-planning services ensure that organisations can respond effectively to possible sabotage, from the spectacular (drone incursions and subsea sabotage)to the more everyday but every bit as pernicious (cyber-physical disruption).

The lesson is that Russia’s hybrid warfare is designed to blur the line between state security and commercial vulnerability. NATO states are considering constructing a ‘drone wall‘ of integrated defences across Europe, but the private sector cannot afford to wait. The task for businesses is to harden resilience now—treating hybrid threats as operational variables rather than theoretical risks. Audere helps clients achieve this by combining intelligence, investigation and crisis management to protect assets, operations and reputations in an increasingly contested European security landscape.

Keen to Know More?

The Audere Group is an intelligence and risk advisory firm offering integrated solutions to companies in complex situations.

We specialise in mitigating the financial, reputational and physical risks faced by our clients in markets across the world through a 360-degree range of services incorporating security advisory, crisis management and strategic intelligence to inform decision making around transactions, supply chains and disputes.

Contact us to learn how our bespoke risk advisory services can work with your unique circumstances to navigate high-risk environments and changing landscapes through the provision of hard-to-reach intelligence and clear analysis.

_{Disclaimer: The content of this report is for informational purposes only and does not constitute legal or financial advice. For further details or specific inquiries, please reach out to our team directly.}