On December 9, the US DOJ issued an indictment charging a Ukrainian citizen for her role in conducting two cyber-attacks against US critical infrastructure, working for cyber group (CARR) that was founded, funded, and directed by Russia's GRU. Both cyber-attacks occurred in 2024 and caused kinetic damage.
The first attack was in April 2024, against water utilities in Texas, California, and other states, and resulting in "damage to controls and the spilling of hundreds of thousands of gallons of drinking water."
The second cyber-attack was in November 2024 -- which falls within the time window of this question (which started on October 4, 2024) -- against a meat processing facility in Los Angeles, resulting in "the spoiling of thousands of pounds of meat and triggering an ammonia leak in the facility."
Once again this is clear evidence that the GRU (and other Russian security entities) are actively conducting cyber-attacks against US and NATO infrastructure with the intent to cause kinetic damage. Cyber- attacks like these and the other ones that I and others have cited strongly suggest to me that Russia does not believe that cyber-attack against NATO infrastructure would trigger NATO to invoke Article V. Given disunity within NATO these days, Russia is likely correct in this assumption.
In my opinion, the only reason the 2nd attack doesn't trigger a "yes" resolution to this question is because it was against the food processing industry/infrastructure rather than against energy or transportation infrastructure.
Wondering how these events (and especially the 2nd one, which happened after the question had already started) had flown under our radar so far... No news coverage, maybe?
The Texas Incident: The April 2024 attack was generally reported as a more localized or technical event, such as a "water tank overflowing." The GRU connection and the threat to critical infrastructure became clearer months later in specialist journals (such as CSO Online) and federal warnings (CISA/EPA).
LA Incident: The November 2024 attack may have escaped general public attention due to the approaching Christmas and New Year holidays (late November). However, most importantly, the definitive state-sponsored connection to the attack became major news approximately a year later, in December 2025, when the indictment was released. This strengthens the possibility of "secrecy" or "lack of details due to national security reasons" at the time of the initial attack.
All officially announced related news dates back to December 9-10 2025.
Your comment seems to reinforce the impression that, save for the last few days, the said events had not gathered any notable news coverage at the time they happened (or shortly after, anyway).
I wonder what this may imply here; it seems we may be in for a possible delayed retroactive resolution, e.g. a situation where we learn for an eligible event only well after it had happened, and resolve the question positively with a resolution date well in the past...
Unfortunately, attribution and resolution in cyber attacks may come years after the event. Or maybe never. @geoffodlum makes a great point. When the Trump administration hardly spares a day without belittling our allies, the Article V commitments mean nothing
However in this year's National Defense Authorization Act, Congress prohibited the withdrawal of US troops from Europe without Congressional authorization. And Ukraine and The Baltic Security Initiative were funded albeit at reduced levels.
While these attacks are ongoing, wouldn't one expect such an attack to occur in conjunction with a major military operation. Isn't the declared willingness of NATO to retaliate a deterrent?
These attacks increase in frequency and intensity and I am going to re evaluate my forecast.
The attack did not involve transportation or energy infrastructure. Little solace. otherwise it qualifies. so far they have not taken down a power plant, since Ukraine in 2015. so far ....
On December 9, the US DOJ issued an indictment charging a Ukrainian citizen for her role in conducting two cyber-attacks against US critical infrastructure, working for cyber group (CARR) that was founded, funded, and directed by Russia's GRU. Both cyber-attacks occurred in 2024 and caused kinetic damage.
The first attack was in April 2024, against water utilities in Texas, California, and other states, and resulting in "damage to controls and the spilling of hundreds of thousands of gallons of drinking water."
The second cyber-attack was in November 2024 -- which falls within the time window of this question (which started on October 4, 2024) -- against a meat processing facility in Los Angeles, resulting in "the spoiling of thousands of pounds of meat and triggering an ammonia leak in the facility."
https://www.justice.gov/opa/pr/justice-department-announces-actions-combat-two-russian-state-sponsored-cyber-criminal
https://www.epa.gov/newsreleases/foreign-national-indicted-and-extradited-united-states-role-two-russia-linked-cyber
Once again this is clear evidence that the GRU (and other Russian security entities) are actively conducting cyber-attacks against US and NATO infrastructure with the intent to cause kinetic damage. Cyber- attacks like these and the other ones that I and others have cited strongly suggest to me that Russia does not believe that cyber-attack against NATO infrastructure would trigger NATO to invoke Article V. Given disunity within NATO these days, Russia is likely correct in this assumption.
In my opinion, the only reason the 2nd attack doesn't trigger a "yes" resolution to this question is because it was against the food processing industry/infrastructure rather than against energy or transportation infrastructure.
Great catch Geoff, thanks!
Wondering how these events (and especially the 2nd one, which happened after the question had already started) had flown under our radar so far... No news coverage, maybe?
https://patch.com/california/los-angeles/russia-backed-hacker-ruined-2-000-pounds-meat-la-county-cyberattack-doj
https://www.theregister.com/2025/12/10/pro_russia_hacktivist_charged/
https://therecord.media/doj-cisa-warn-russia-hackers-targeting-critical-infrastructure
Why Might It Have Been Overlooked in the News?
The Texas Incident: The April 2024 attack was generally reported as a more localized or technical event, such as a "water tank overflowing." The GRU connection and the threat to critical infrastructure became clearer months later in specialist journals (such as CSO Online) and federal warnings (CISA/EPA).
LA Incident: The November 2024 attack may have escaped general public attention due to the approaching Christmas and New Year holidays (late November). However, most importantly, the definitive state-sponsored connection to the attack became major news approximately a year later, in December 2025, when the indictment was released. This strengthens the possibility of "secrecy" or "lack of details due to national security reasons" at the time of the initial attack.
All officially announced related news dates back to December 9-10 2025.
Thank you @grainmummy
Your comment seems to reinforce the impression that, save for the last few days, the said events had not gathered any notable news coverage at the time they happened (or shortly after, anyway).
I wonder what this may imply here; it seems we may be in for a possible delayed retroactive resolution, e.g. a situation where we learn for an eligible event only well after it had happened, and resolve the question positively with a resolution date well in the past...
Unfortunately, attribution and resolution in cyber attacks may come years after the event. Or maybe never. @geoffodlum makes a great point. When the Trump administration hardly spares a day without belittling our allies, the Article V commitments mean nothing
However in this year's National Defense Authorization Act, Congress prohibited the withdrawal of US troops from Europe without Congressional authorization. And Ukraine and The Baltic Security Initiative were funded albeit at reduced levels.
While these attacks are ongoing, wouldn't one expect such an attack to occur in conjunction with a major military operation. Isn't the declared willingness of NATO to retaliate a deterrent?
These attacks increase in frequency and intensity and I am going to re evaluate my forecast.
Exclusive: US suspends some efforts to counter Russian sabotage as Trump moves closer to Putin - https://www.reuters.com/world/us-suspends-some-efforts-counter-russian-sabotage-trump-moves-closer-putin-2025-03-19/
The attack did not involve transportation or energy infrastructure. Little solace. otherwise it qualifies. so far they have not taken down a power plant, since Ukraine in 2015. so far ....