Baltic Sea Cable Sabotage 2024–2025: When Ships Became Weapons
Baltic Sea Cable Sabotage 2024–2025: When Ships Became Weapons
Analysis based on GeoCables monitoring data and public incident reports, March 2026 Between November 2024 and January 2025, at least seven submarine cables and pipelines in the Baltic Sea were damaged in suspicious incidents. The pattern of vessels dragging anchors across submarine cable routes — has transformed how governments and network operators think about submarine cable security. GeoCables monitors several cables in this region and has direct measurement data from routes passing through the Baltic corridor.The Incidents
October 2023: The vessel Newnew Polar Bear dragged its anchor for over 160km along the seabed, severing the Balticconnector gas pipeline between Finland and Estonia, and damaging a telecommunications cable. Finnish authorities later found anchor paint matching the vessel at the damage site. November 17, 2024: The BCS East-West Interlink cable connecting Sweden and Lithuania was cut, reducing Lithuania's international internet capacity by approximately 20%. November 18, 2024: The C-Lion1 cable connecting Finland to Germany was damaged. Two cuts on consecutive days, both in the Baltic, involving vessels with opaque ownership structures. December 25, 2024: The Estlink 2 power cable connecting Estonia to Finland was damaged by the Eagle S December 31, 2024: The FEC-1 cable connecting Finland to Estonia — operated by Elisa Corporation — was damaged. Finnish Border Guard mobilized within hours, intercepting the responsible vessel. January 2025: Additional incidents continued, prompting NATO to establish Baltic Sentry — a multinational naval patrol specifically to protect underwater infrastructure.The Gray Zone Tactic
What makes these incidents strategically significant is their deniability. Dragging an anchor across a cable is technically an accident — it happens legitimately dozens of times per year from fishing vessels and commercial shipping. A state actor can damage critical infrastructure while maintaining plausible deniability that it was intentional. The Newnew Polar Bear case is illustrative: Beijing initially denied involvement, then acknowledged the vessel was responsible but attributed it to "bad weather." The anchor paint on the cable, the vessel's unusual route, and its recent transit of Russia's Northern Sea Route all pointed to deliberate action — but proving intent in international waters remains extraordinarily difficult.Why the Baltic Is Vulnerable
The Baltic Sea's geography makes it uniquely exposed to this threat: Shallow water: Most of the Baltic is 50–100 meters deep, far shallower than the deep ocean where most transoceanic cables are buried. Shallow water makes cables more accessible to anchor damage — intentional or otherwise. Dense cable concentration: Numerous cables connecting Nordic and Baltic states pass through the same relatively narrow sea basin. The Great Belt, Little Belt, and Øresund — the only exits from the Baltic — are particularly congested chokepoints. Limited redundancy: Unlike Western Europe or the US East Coast, the Baltic states have fewer redundant cable paths. Lithuania losing 20% of international capacity from a single cut is a vulnerability that would be unthinkable for Germany or France.What Our Measurements Show
GeoCables' Belarus probe provides direct visibility into Baltic routing. Our traceroute from Minsk to South Korea (200ms via Moscow and Hong Kong) shows a critical waypoint: hop 7 in Tallinn, Estonia via RETN Limited (AS9002). This is the same corridor that was targeted. The Minsk→Tallinn→Frankfurt path that carries our Belarus→Asia traffic passes through the exact region where cables were being cut. During the November 2024 incidents, network operators reported increased latency on Baltic routes as traffic was rerouted around damaged segments. The Belarus→Japan route (273ms) also uses this corridor — entering Western European networks via Tallinn before NTT America takes over in Frankfurt. These are not hypothetical vulnerabilities; they are the actual paths that real traffic takes.NATO's Response: Baltic Sentry
The accumulation of incidents prompted unprecedented military involvement in cable protection. Operation Baltic Sentry, launched in early 2025, involves: - Multinational naval patrols specifically tasked with monitoring vessels near cable routes - Enhanced surveillance of the AIS (Automatic Identification System) transponder data - Coordination between Nordic and Baltic coast guards - EU action plan for subsea cable security (published February 2025) The EU plan focuses on prevention, detection, response, and deterrence — acknowledging that the threat of state-sponsored cable damage has moved from theoretical to operational.The Broader Implications
The Baltic incidents represent a new phase in hybrid warfare. Critical infrastructure that was previously considered too diffuse and too difficult to attack is now being systematically targeted. The key insights: Cables are not hidden. TeleGeography's public submarine cable map — the same data that powers GeoCables — shows exactly where every major cable runs. Anyone with internet access can identify the most vulnerable points. Repair takes time. Even in politically stable waters, cable repairs take 2–4 weeks from fault detection to restoration. In contested or dangerous waters, months can pass. Redundancy is uneven. Europe's densely cabled western coast can absorb multiple simultaneous cuts. The Baltic states, Taiwan, and many developing nations have no such luxury. GeoCables monitors the health of cables in the Baltic corridor. You can track current status via our Health Monitor →.Our Belarus→Korea route (200ms) passes through Tallinn — the exact corridor targeted in the 2024–2025 incidents. View route analysis →