Two Arrested for Setting Fire to Train in Latvia on Russia’s Orders

Latvia's security service reports two individuals torched a train and railway equipment in August while working for Russian interests. The attack is part of a broader pattern of Russian-linked sabotage targeting European infrastructure since the Ukraine invasion began.

Two individuals working on behalf of Russian interests deliberately torched a train and railway infrastructure in Latvia during August, according to an announcement Wednesday from Latvia’s State Security Service. This incident represents the most recent example in a growing pattern of attacks on critical European infrastructure that Western officials attribute to Russia.

According to the security service, the perpetrators ignited both the train and several railway relay cabinets — control boxes containing equipment that manages train operations — while recording their destructive actions. The footage was subsequently transmitted to those who ordered the arson, who then exploited it for propaganda by falsely claiming the fires occurred in Ukraine, officials stated.

This August arson attack joins at least 151 documented cases of sabotage and hostile activities throughout Europe that The Associated Press has tracked and Western officials have connected to Russia following Moscow’s February 2022 invasion of Ukraine. According to officials, these attacks aim to weaken European support for Ukraine, create fear and division within European communities, and exhaust investigative resources. Russia frequently employs intermediaries for such operations, with some perpetrators claiming ignorance about their connection to Moscow.

Polish officials reported in November that Russian intelligence services orchestrated multiple sabotage incidents targeting a railway line used for delivering assistance to Ukraine.

Polish Prime Minister Donald Tusk announced in January that hackers “directly linked to the Russian services” attacked two combined heat and power facilities serving nearly half a million customers, along with numerous wind and solar energy installations.

Danish authorities disclosed in December that Russian cyberattacks during 2024 on a water utility resulted in some residences losing water service, while Norwegian police reported in August that pro-Russian hackers remotely activated a dam valve, causing water to flow out.

These cyber incidents highlight European critical infrastructure’s susceptibility and represent part of a troubling pattern indicating Moscow is taking a “more aggressive posture” toward European nations it considers opponents, according to Ciaran Martin, former director of the U.K.’s National Cyber Security Centre.

This approach includes “cyber-kinetic” operations where Russian-affiliated hackers modify system parameters to create physical consequences — such as changing water flows, Martin explained to AP.

Italian authorities are also examining the sabotage of several high-speed rail lines on the opening day of the Milan-Cortina Winter Olympics in February. The ANSA news agency reported that infrastructure was burned or severed, affecting thousands of travelers. Italy’s Foreign Minister Antonio Tajani stated that cyberattacks originating from Russia also targeted the Winter Olympics, including Games-related websites, Cortina hotels, and foreign ministry platforms.

France’s high-speed rail network also suffered sabotage in 2024 on the summer Olympic Games’ opening day. Neither Italy nor France has formally blamed Russia for the railway sabotage. The Kremlin has previously denied to the AP any participation in a sabotage campaign.