From a Vilnius Warehouse to the Leipzig DHL Ramp: A Trial That Is Changing the View on the Protection of European Logistics Infrastructure

29. apríla 2026

On 17 April 2026, a trial began at the District Court in Vilnius that is shifting the European debate on the protection of critical infrastructure from the technical level to a very concrete one. Five men are charged with sending, in July 2024, in cooperation with the Special Tasks Department of the Russian military intelligence service GRU, incendiary parcels via DHL and DPD from Vilnius to the air hub in Leipzig, to Poland and to the United Kingdom. The head of the German counter-intelligence service BfV stated that only a flight delay prevented an in-flight detonation that could have destroyed a cargo aircraft.

Anatomy of one parcel


The investigation was led by a Joint Investigation Team coordinated by Eurojust, bringing together Lithuania, Poland, Germany, the Netherlands and the United Kingdom, as well as Estonia, Latvia, the United States, Canada and Europol. Twenty-two persons were identified, and international arrest warrants were issued for a further five. The modus operandi was simple, and all the more dangerous for it. Recruitment through encrypted applications, the dispatch of test parcels to the United States and Canada, incendiary devices disguised as ordinary packages. In July 2024, two parcels ignited directly at the DHL air hub in Leipzig, others ended up in Poland and the United Kingdom, and two further parcels were found in Amsterdam.


The Vilnius trial does not stand alone. In March 2026, Latvia reported acts of arson on railway infrastructure. On 15 April 2026, Minister for Civil Defence Carl-Oskar Bohlin and the Swedish Security Service Säpo publicly confirmed that a pro-Russian group with links to Russian intelligence services had attempted in spring 2025 to carry out a destructive intrusion into the operational environment of a heating plant in western Sweden. The attack failed thanks to a built-in protective mechanism, but Bohlin described it as a shift by the Kremlin from symbolic DDoS actions to destructive OT operations. The Associated Press and Säpo record more than 150 incidents of a hybrid nature in the EU and NATO since February 2022.


Why this matters for Slovakia


Slovakia is part of the same aviation, road and courier geography as Leipzig. The Leipzig transit zone also handles consignments destined for the Slovak market, and Slovak airports and logistics centres share processes, and often the same operators, with their German counterparts. The transport sector is listed in Annex No. 1 to Act No. 367/2024 Coll. on Critical Infrastructure. The deadline of 17 July 2026, by which central bodies of state administration must identify critical entities, is an opportunity to broaden the scope beyond traditional facilities. The identification must also cover logistics hubs, courier companies, airport cargo operations and road corridors, not only power plants and waterworks.


Directive of the European Parliament and of the Council No. 2022/2557 on the resilience of critical entities, that is, the CER Directive, explicitly places physical resilience on the same footing as cyber resilience. An incendiary parcel at an air hub is not technically a cyber attack, but its impact on critical infrastructure is just as real as that of a ransomware attack. On the contrary, the physical and cyber layers of threats overlap. The joint advisory of eighteen agencies of 7 April 2026, which was co-signed by the National Security Authority of the Slovak Republic together with the Slovak Information Service and Military Intelligence, showed that the same GRU which had prepared the parcels for Leipzig is also running the cyber campaign APT28 against government networks in the Czech Republic, Poland, Lithuania and Slovakia.


The quiet people behind the scanners


In July 2024, when the first parcels caught fire at the Leipzig DHL hub, the response was provided not by politicians or generals, but by operators, technicians, the fire brigade and the security service of the air hub. Their rapid response limited the damage. This detail matters, because it is precisely such a capacity to absorb an incident without a visible impact on the end consumer that makes critical infrastructure resilient. Hundreds of people in equivalent positions work in Slovakia as well, in the energy sector, water management, transport and telecommunications, in the cargo operations of the Bratislava, Košice and Sliač airports, and in the logistics hubs of Žilina and Bratislava. The public rarely hears about their work, and that is paradoxically a sign that they are doing it well.


“The Vilnius trial reminds us that critical infrastructure is not only a power plant or a data centre. It is also the last mile of the courier and the conveyor belt at the air hub. If Slovakia fails to identify, by 17 July 2026, also logistics and air-cargo hubs as critical entities under Act No. 367 of 2024, it will react only when it is too late. The hybrid threat does not rely on a single technology; it relies on the gap between sectors that perceive themselves as separate from one another,” says Tibor Straka, President of the Critical Infrastructure Association of the Slovak Republic.


Looking ahead


For Slovak critical infrastructure, the Vilnius trial is a reason for preparedness rather than for concern. Slovakia has a functioning institutional environment, adopted laws and a framework of cooperation in place. Act No. 367/2024 Coll. introduces requirements for the resilience of critical entities, Act No. 366/2024 Coll. transposes the NIS 2 Directive and sets out specific security measures, and Decrees of the National Security Authority No. 226 and No. 227 of 2025 bring enforceable obligations. The National Cybersecurity Strategy for 2026 to 2030 provides this effort with a strategic framework.


What distinguishes prepared countries from those that are caught off guard is not a difference in the level of threat. That is currently fairly even across Europe. The difference lies in the speed with which operators recognise suspicious activity and respond to it before it becomes visible to the public. The Critical Infrastructure Association of the Slovak Republic (AKI SR), as a professional platform and a strategic partner of the National Security Authority, helps its members bridge the gap between legislative obligations and genuine operational preparedness in the energy, transport, logistics, healthcare and digital infrastructure sectors. The Vilnius trial has only just begun, but its strategic message is already unequivocal. The protection of critical infrastructure is also decided on the ramp of an air hub.

Z vilniuského skladu na rampu lipského DHL: proces, ktorý mení pohľad na ochranu európskej logistickej infraštruktúry

29. apríla 2026
Na Okresnom súde vo Vilniuse sa 17. apríla 2026 začal proces, ktorý posúva európsku diskusiu o ochrane kritickej infraštruktúry z roviny technickej do roviny veľmi konkrétnej. Päť mužov je obvinených z toho, že v júli 2024 v spolupráci s Oddelením špeciálnych úloh ruskej vojenskej spravodajskej služby GRU posielali zápalné zásielky cez DHL a DPD z Vilniusu do leteckého uzla v Lipsku, do Poľska a do Veľkej Británie. Šéf nemeckej kontrarozviedky BfV uviedol, že len omeškanie letu zabránilo detonácii vo vzduchu, ktorá mohla zničiť dopravné lietadlo.

Cyber Resilience Act enters the operational phase: what was said at KYBER2026 and what Slovakia must complete before 11 September 2026

28. apríla 2026
The KYBER2026 conference of the National Security Authority and SK-CERT, held on 27 and 28 April 2026 at Hotel Sitno Vyhne, confirmed what operators of essential services and critical entities had already suspected since the beginning of the year. 2026 is not a year of preparation — it is a year of demonstrable functionality. At the centre stands Regulation (EU) 2024/2847 of the European Parliament and of the Council on cyber resilience, which reaches its first hard milestone on 11 September 2026: mandatory reporting of actively exploited vulnerabilities and significant incidents through ENISA's Single Reporting Platform.

Cyber Resilience Act vstupuje do prevádzkovej fázy: čo zaznelo na KYBER2026 a čo musí Slovensko stihnúť do 11. septembra 2026

28. apríla 2026
Konferencia KYBER2026 Národného bezpečnostného úradu a SK-CERT, ktorá sa konala 27. a 28. apríla 2026 v hoteli Sitno Vyhne, potvrdila to, čo prevádzkovatelia základných služieb a kritických subjektov tušili už od začiatku roka. Rok 2026 nie je rokom prípravy, ale rokom preukázateľnej funkčnosti. V centre stojí nariadenie Európskeho parlamentu a Rady číslo 2024/2847 o kybernetickej odolnosti, ktoré dosiahne 11. septembra 2026 prvý ostrý míľnik, povinné hlásenie aktívne zneužívaných zraniteľností a závažných incidentov cez Single Reporting Platform agentúry ENISA.

Memorandum between the Critical Infrastructure Association of the SR and Slovak Investment Holding opens space for sustainable investments in critical infrastructure

24. apríla 2026
The Critical Infrastructure Association of the Slovak Republic (AKI SR) and Slovak Investment Holding, a. s. concluded a memorandum of cooperation on 23 April 2026, the aim of which is to create a framework for the support of investments and the financing of projects in the field of critical infrastructure in Slovakia. The memorandum confirms the shared interest of both parties in developing strategic, developmental and innovation projects with a focus on increasing the resilience of critical infrastructure and securing essential services. The cooperation will concentrate in particular on the identification of suitable projects, the exchange of expert knowledge, as well as the interconnection of public and private sources of financing. An important part of the cooperation is also the use of expert capacities and practical experience in the preparation and implementation of projects, in particular in the areas of infrastructure and innovation. “We see room for projects that will have a long-term impact and, at the same time, financial sustainability. In areas of public interest, such as critical infrastructure or innovation, we can bring knowledge of the environment, the identification of projects and the interconnection of partners, so that high-quality and feasible solutions come into being,” stated Tibor Straka, President of AKI SR. According to his words, it is crucial that the cooperation brings concrete results: “It is important for us that this cooperation is sustainable in the long term and brings measurable results that will have a real benefit for Slovak critical infrastructure.” At the same time, the memorandum creates space for systematic expert cooperation, consultations and further joint activities aimed at the support of investments and the development of critical infrastructure. Both parties declare their interest in actively participating in projects that will contribute to the modernisation of infrastructure, the more efficient use of resources and the strengthening of the investment environment in Slovakia.

Memorandum medzi Asociáciou kritickej infraštruktúry SR a Slovak Investment Holding otvára priestor pre udržateľné investície do kritickej infraštruktúry

24. apríla 2026
Asociácia kritickej infraštruktúry Slovenskej republiky (AKI SR) a Slovak Investment Holding, a. s. uzavreli 23. apríla 2026 memorandum o spolupráci, ktorého cieľom je vytvoriť rámec pre podporu investícií a financovanie projektov v oblasti kritickej infraštruktúry na Slovensku. Memorandum potvrdzuje spoločný záujem oboch strán rozvíjať strategické, rozvojové a inovačné projekty so zameraním na zvýšenie odolnosti kritickej infraštruktúry a zabezpečenie základných služieb. Spolupráca sa bude sústreďovať najmä na identifikáciu vhodných projektov, výmenu odborných poznatkov, ako aj prepájanie verejných a súkromných zdrojov financovania. Dôležitou súčasťou spolupráce je aj využitie odborných kapacít a praktických skúseností pri príprave a realizácii projektov, najmä v oblastiach infraštruktúry a inovácií. „ Vidíme priestor pre projekty, ktoré budú mať dlhodobý dopad a zároveň finančnú udržateľnosť. V oblastiach verejného záujmu, ako sú kritická infraštruktúra či inovácie, vieme priniesť znalosť prostredia, identifikáciu projektov a prepájanie partnerov tak, aby vznikali kvalitné a realizovateľné riešenia,“ uviedol prezident AKI SR Tibor Straka. Podľa jeho slov je kľúčové, aby spolupráca prinášala konkrétne výsledky: „Je pre nás dôležité, aby táto spolupráca bola dlhodobo udržateľná a prinášala merateľné výsledky, ktoré budú mať reálny prínos pre slovenskú kritickú infraštruktúru.“  Memorandum zároveň vytvára priestor pre systematickú odbornú spoluprácu, konzultácie a ďalšie spoločné aktivity zamerané na podporu investícií a rozvoj kritickej infraštruktúry. Obe strany deklarujú záujem aktívne sa podieľať na projektoch, ktoré prispejú k modernizácii infraštruktúry, efektívnejšiemu využívaniu zdrojov a posilneniu investičného prostredia na Slovensku.

When the Supplier Is the Single Point of Failure: The ChipSoft Attack and a Lesson for Slovak Healthcare

22. apríla 2026
A ransomware attack on ChipSoft, the supplier of the electronic health records system used by approximately 70 to 80 percent of Dutch hospitals, paralysed a substantial part of the national healthcare system within a matter of hours. The event reaches far beyond the borders of the Netherlands. It confirms that the concentration of sensitive infrastructure in the hands of a single software supplier is becoming a systemic vulnerability of critical infrastructure. 

Keď je dodávateľ jediným bodom zlyhania: útok na ChipSoft a lekcia pre slovenské zdravotníctvo

22. apríla 2026
Ransomvérový útok na spoločnosť ChipSoft, dodávateľa elektronickej zdravotnej dokumentácie pre približne 70 až 80 percent holandských nemocníc, ochromil za niekoľko hodín podstatnú časť národného zdravotníckeho systému. Udalosť má presah ďaleko za hranice Holandska. Potvrdzuje, že koncentrácia citlivej infraštruktúry u jediného softvérového dodávateľa sa stáva systémovou zraniteľnosťou kritickej infraštruktúry. 

Nuclear Fuel as Critical Infrastructure: Slovakia Is Building Supply Chain Sovereignty

15. apríla 2026
On 9 April 2026, Slovenské elektrárne, the Czech ČEZ, the Finnish Fortum and the Hungarian MVM Paks NPP signed a contract with the company Framatome for the development of the VERA-440 fuel assembly, which is a 100 % European fuel for VVER-440 reactors. The total value of the project reaches approximately 50 million euros, of which 10 million comes from the EU SAVE programme (Safe and Alternative VVER European) with 17 partners from 7 Member States and Ukraine. The commercial deployment of a sovereign European fuel is expected after 2035. This is not just an energy story. It is an event in the field of critical infrastructure security.

Jadrové palivo ako kritická infraštruktúra: Slovensko buduje suverenitu dodávateľského reťazca

15. apríla 2026
Dňa 9. apríla 2026 podpísali Slovenské elektrárne, česká ČEZ, fínska Fortum a maďarská MVM Paks NPP zmluvu so spoločnosťou Framatome na vývoj palivového článku VERA-440, čo je 100 % európske palivo pre reaktory VVER-440. Celková hodnota projektu dosahuje približne 50 miliónov eur, z čoho 10 miliónov pochádza z programu EÚ SAVE (Safe and Alternative VVER European) so 17 partnermi zo 7 členských štátov a Ukrajiny. Komerčné nasadenie vlastného európskeho paliva sa predpokladá po roku 2035. Toto nie je len energetická správa. Je to udalosť v oblasti bezpečnosti kritickej infraštruktúry.

Attack on the Chinese Supercomputing Centre: When the Attacker Becomes the Target

13. apríla 2026
An actor operating under the name “FlamingChina” claims to have obtained more than 10 petabytes of data from China’s National Supercomputing Centre in Tianjin, including military simulations, weapons system schematics and classified research materials. Regardless of whether the declared volume is real or overstated, the incident raises a question that reaches beyond geopolitics: how are the sovereign computing capacities of states protected, and why are supercomputers becoming a strategic target?