The Global Undersea Cable Attack Map: Baltic Sea Sabotage, Taiwan Blackout Risk, and Why 10 Cables Have Been Cut in 2 Years

The Middle East undersea cable cuts that disrupted internet traffic across Asia, Africa, and Europe in 2024-2025 brought public attention to the physical internet for the first time. But those cuts were symptomatic of a broader pattern. SubTel Forum recorded 46 cable incidents globally in 2024 — the highest number since the organisation began tracking in 2013. Ten cables have been damaged in the Baltic Sea since 2022. Taiwan has experienced five cable incidents in two years, with suspicious vessels linked to China operating near each break. Red Sea cables connecting Asia to Europe remain at risk from Houthi activity.

Undersea cables carry approximately 98% of all international internet traffic and essentially 100% of international financial transaction data. They are the circulatory system of the global digital economy. And they are being cut, damaged, or disrupted at a rate that has no precedent in the modern history of telecommunications.

This guide covers three active undersea cable conflict zones in 2026 that are distinct from the Middle East situation covered in depth elsewhere: the Baltic Sea, Taiwan, and the Red Sea. Different geographies, different threat actors, different implications for global internet routing.

The Baltic Sea: Ten Cables Since 2022

The Baltic Sea is a semi-enclosed sea bordered by Germany, Denmark, Sweden, Finland, Estonia, Latvia, Lithuania, Poland, and Russia. Multiple undersea cables cross it connecting Scandinavian and Baltic state telecommunications infrastructure to the broader European network.

Since Russia's invasion of Ukraine in 2022, ten undersea cables in the Baltic region have been damaged or severed. Seven of those ten incidents occurred in a concentrated window between November 2024 and January 2025.

The Elisa Cable Incident (January 1, 2026):

The most recent and best-documented incident: Finland's Elisa telecommunications cable connecting Helsinki to Tallinn, Estonia, experienced a major disruption at 4:53 AM local time on January 1, 2026. Finnish police seized the cargo vessel Fitburg in Finnish waters shortly after, on suspicion of cable sabotage by dragging anchor.

The Fitburg was en route from Russia to Israel. It was found to be carrying sanctioned Russian steel — goods that should not have been in transit under EU sanctions. The coincidence of the cable break, the vessel's Russian origin, its sanctioned cargo, and its New Year's Day timing (lowest surveillance window of the year) was not treated as coincidence by Finnish authorities.

NATO, which Finland joined in 2023, responded by establishing Operation Baltic Sentry — a multinational force dedicated specifically to undersea infrastructure protection in the Baltic. This is the first NATO operation with a mandate focused on protecting civilian undersea infrastructure rather than military assets.

The grey ships problem:

Of the ten Baltic cable incidents since 2022, official attribution to Russia has been cautious. Some vessels investigated had opaque ownership structures — registered in third countries under flags of convenience, with beneficial ownership traced to sanctioned Russian entities. Proving deliberate sabotage versus anchor drag accident requires evidence of intent: difficult to establish when a vessel drops an anchor on a cable at night in international waters and continues sailing.

What is clear: ten incidents in two years, seven concentrated in a two-month window, is not an accident rate consistent with normal commercial shipping in a well-charted sea.

Taiwan: Five Incidents, $55 Million Per Day, New Law

Taiwan sits at the convergence of the Pacific cable network connecting Japan, South Korea, the Philippines, and broader Asia-Pacific. Cables running through or near Taiwan connect landing stations that aggregate traffic from East Asia before routing to North America and Europe.

In 2024-2025, Taiwan experienced five cable damage incidents. Four of the five involved vessels with Chinese or Russian crew operating under flags of convenience — Mongolia, Cameroon, and Sierra Leone registrations appeared repeatedly — with opaque ownership structures. Taiwan's Coast Guard blacklisted 96 suspicious vessels operating in patterns consistent with cable surveillance or sabotage.

The $55 million figure:

Taiwan's own assessments estimate that a comprehensive cable blackout — severing the major undersea cable clusters connecting the island — would cost up to $55 million per day in economic disruption. This is not primarily from the cables being down; Taiwan has some satellite backup capacity. It is from the financial transaction processing, supply chain coordination, and semiconductor export logistics that depend on low-latency international connectivity.

Taiwan produces approximately 90% of the world's most advanced semiconductor chips (TSMC). The fabs themselves operate on domestic infrastructure. But the global supply chains that feed them materials, purchase their output, and coordinate logistics are dependent on international connectivity. A sustained cable blackout would not stop chips from being manufactured; it would severely disrupt the global system that makes manufacturing them economically rational.

Expert assessment: A Taiwan cable security researcher stated in March 2026: "If China invades tomorrow, it only needs to sever three undersea fiber-optic cable clusters to cause total data blackout." Three clusters, not dozens of individual cables. The chokepoint architecture is highly concentrated.

January 2026 legislative response:

Taiwan enacted seven amendments to its undersea cable protection law in January 2026, raising national security protections for undersea infrastructure. The amendments increase penalties for cable damage, expand Coast Guard authority to board suspicious vessels, and establish mandatory reporting for vessels operating near cable corridors.

The legislative shift — from attributing cable cuts to "accidents" to explicit national security legislation — signals that Taiwan's government no longer treats the incidents as coincidental.

Red Sea: The Ongoing Situation

Approximately 17 cables run through the Red Sea connecting Asia to Europe, representing one of the most concentrated internet chokepoints on the planet. In September 2025, multiple cables were damaged — SEA-ME-WE 4, IMEWE, and FALCON GCX — near Saudi Arabia. Repairs required 6-8 weeks, causing degraded speeds across Pakistan, India, Saudi Arabia, and UAE throughout the repair window.

The Bab-el-Mandeb Strait at the southern Red Sea is only 18-29km wide. Cables running through it have limited alternative routing. Houthi attacks on commercial shipping in the Red Sea have extended to cable infrastructure. Repair vessels — and there are only approximately 60 globally capable of deep-sea cable work — must navigate the same threat environment that has made commercial shipping through the Red Sea a risk calculation.

The 46 Incidents Context

SubTel Forum's data showing 46 cable incidents in 2024 — the highest on record — needs context. The historical baseline was 100-150 faults annually worldwide from all causes: ship anchors, fishing nets, earthquakes, equipment failure. The vast majority were accidental and in shallow near-shore waters.

The 2024 figure includes a significant increase in incidents in geopolitically contested areas, by vessels with patterns that differ from normal commercial shipping. Insikt Group specifically identified eight cable damages in the Baltic Sea and five near Taiwan as the two most concentrated incident clusters. This is not a routine year with slightly elevated accidents. It is a structurally different threat environment.

Developer and Infrastructure Implications

Cloud region dependency mapping:

The undersea cable geography maps directly to cloud region availability:

• AWS ap-northeast-1 (Tokyo), ap-northeast-2 (Seoul): dependent on cables in or near Taiwan waters
• AWS eu-west-1 (Ireland), eu-central-1 (Frankfurt): partially dependent on Baltic Sea and North Sea cable routes
• AWS ap-south-1 (Mumbai), ap-southeast-1 (Singapore): Red Sea cable dependent for Europe connectivity

Cloud providers have multiple cable paths and can reroute around individual cuts. But latency increases and capacity constraints during cable incidents create degraded service that looks like intermittent slowness rather than clean outages — difficult to diagnose without routing-level visibility.

Multi-region architecture:

For applications where low-latency international connectivity is a functional requirement, deploying across cloud regions served by geographically diverse cable paths reduces the impact of any single cable incident. Singapore serves as an alternative hub for Asia-Europe traffic when Red Sea routes are degraded. North American east coast regions provide backup routing for Baltic-affected European paths.

The repair bottleneck:

Approximately 60 vessels globally are capable of deep-sea cable repair. During the 2024-2025 Red Sea incidents, multiple vessels were engaged simultaneously and prioritisation decisions had to be made. If Baltic, Taiwan, and Red Sea incidents escalate simultaneously — a plausible scenario in broader conflict — the repair capacity constraint becomes a global internet crisis, not a regional inconvenience.

Where to monitor:

• TeleGeography Submarine Cable Map: free interactive map of all global cables
• RIPE Labs and APNIC Blog: technical routing impact analysis
• ThousandEyes (Cisco): real-time internet routing monitoring
• SubTel Forum: industry cable incident tracking

---

The undersea cable story is not a future risk. Ten Baltic cables since 2022. Five Taiwan incidents since 2024. Sustained Red Sea disruption. 46 global incidents in 2024. Understanding where your infrastructure dependencies sit on this map is a first-class architecture question in 2026.