Intel Brief: Russian vessel Yantar incident off UK coast
- casper4871
Date: 24/11/2025 (16:00 UTC+01:00)
Who?
Russian intelligence-gathering vessel Yantar (Project 22010 oceanographic vessel, ~108 metres, IMO 7524419); operated by Russian Ministry of Defence Main Directorate of Deep-Sea Research (GUGI); deployed by Russian Navy/intelligence agencies.
Where?
Not expressly given by the British government, but according to open source flight data and the approaches of two military aircraft, the incident likely occurred north-west of Scotland in the vicinity of (IVO) the Hebrides, approximately 45 nautical miles from the British coast, with other reports stating as close as 12 nautical miles off the coast. Importantly, this area contains critical transatlantic and intra-European subsea cables, as well as the home base of the UK’s nuclear deterrent submarines, HMNB Clyde.

What happened?
On 19/11/2025, UK Defence Secretary John Healey confirmed that the Russian intelligence-gathering vessel, Yantar, had entered UK waters off the northern Scottish coast and directed laser-dazzling devices at RAF pilots conducting surveillance operations. The ship had entered the UK exclusive economic zone (EEZ) within the last two weeks.
That same day, UK Royal Navy and RAF assets were deployed to monitor and track the vessel's movements, given its intelligence-gathering capabilities. During surveillance operations, RAF P-8 Poseidon aircraft pilots reported being targeted by laser-dazzling devices emitted from the Yantar. No physical injuries were reported, though the UK Defence Ministry emphasised the serious risk posed by such incidents to aircraft safety.
Analysis
Continuing Threat to Critical Undersea Infrastructure
The undersea cable networks mapped and targeted by the Yantar carry approximately 98% of UK international communications and data traffic, including banking, energy sector communications, and civilian internet. Importantly, businesses in Europe, specifically those based in the littoral nations of the North Sea, are critically dependent on this undersea infrastructure for: real-time financial transactions and banking operations; cloud-based services and data storage; energy sector operational control systems and sea-based physical assets; supply chain coordination and logistics; and international communications and customer services.
Disruption to even a single major cable or several at crossing-points would impact business operations across multiple sectors regionally and internationally. Most notably, stakeholders of cables or assets located in the North Sea are at continued risk of being directly or indirectly targeted by grey zone actions, given the target-rich environment for adversaries and the inability to protect so many potential targets in such a vast area.
Escalation of sea and land-based Russian Hybrid Warfare Tactics
This incident represents a significant escalation in Russian ‘grey zone’ operations, actions that fall short of declared war, but pose serious military and economic risk. The use of laser-dazzling against RAF personnel indicates:
Increased willingness to directly target NATO military assets;
Potential expansion of hostile actions beyond reconnaissance to active interference;
Testing of UK response capabilities and rules of engagement;
Demonstration of capability and resolve to NATO adversaries.
As a result, geopolitical tension between UK/NATO and Russia may escalate further, creating unpredictability in operations, especially in the North Sea and Baltic Sea. Furthermore, this latest incident complements the numerous drone sightings over key pieces of infrastructure in European NATO countries, including airfields, commercial airports, military facilities, and energy infrastructure.
Business Continuity Risk for North Sea Operations
Due to this, companies operating in or dependent on North Sea infrastructure face heightened risks, from offshore energy operations to telecommunication cables, maritime operations and international trade. Oil and gas facilities rely on subsea cables for operational control, remote monitoring, and communications, and offshore wind farms depend on undersea power transmission systems. Shipping, fishing, and marine services depend on GPS, communications, and navigation systems that rely on undersea infrastructure to transmit internet traffic. Delays or disruptions to North Sea shipping lanes or related communications would affect supply chains globally, and consequently global markets. Lastly, there may be insurance and liability implications for disruption to critical infrastructure, and regulatory attention to infrastructure resilience may result in new compliance requirements.
Information gathering for future attacks
The Yantar's activities include collecting valuable intelligence on various targets, such as: cable routing and network architecture; operational security protocols of energy and communications networks; geographic vulnerabilities in critical infrastructure; asset clustering/crossings between the UK, the Netherlands and Belgium, threatening a cascading risk; geographic chokepoints, i.e. Great Belt (Denmark Strait); and NATO military coordination and response capabilities.
This intelligence could inform future Russian cyber or physical attacks on critical systems. Notably, there are thought to be approximately 50 other vessels, operated by GUGI, that conduct similar intelligence-gathering operations worldwide.
Conclusion
The Yantar incident represents a significant escalation in Russian intelligence and hybrid warfare operations targeting critical UK and NATO infrastructure. For businesses operating in the North Sea, dependent on undersea communications infrastructure, or engaged in international trade, this situation requires immediate reassessment of business continuity plans, cybersecurity postures, and supply chain resilience. The incident demonstrates Russia's willingness to directly target NATO military assets in the grey zone, suggesting potential for further escalation. Organisations should treat this as a wake-up call to accelerate implementation of redundancy and contingency planning for critical infrastructure dependencies.
This incident is only one part of a Europe-wide series of grey zone events almost certainly being conducted by the Russian state and associated entities, at sea and on land. They do not qualify for a war response, and therefore actions with plausible deniability will continue to be conducted, probing and testing NATO's military resolve and, more importantly, that of its citizens and businesses.
