The recent surge in cases in the West related to Russian intelligence activities , is a bitter reminder that the Russian intelligence community remains very active despite the country's challenges in Ukraine, writes Dr. Fleming Splidsboel Hansen, senior research fellow at the Danish Institute for International Studies, for The International Center for Defense and Security (ICDS). the leading think tank in Estonia specializing in foreign policy, security and defense issues.
"It is a disaster," says Bruno Kahl, head of the German Intelligence Service (BND), of one such case, in which a highly trusted BND official is now accused of passing information to the Russians.
The conflict between Russia and the West, intensifying since Russia's aggression against Ukraine in 2014 and even more so after Russia's full-scale invasion in 2022, has only increased Russia's demand for everything it can do with intelligence. The appetite in Moscow for insight into Western political thinking and decision-making as it relates to, for example, sanctions against Russia and military support for Ukraine is much greater now than it was before 2014. So is the need to mobilize and raising various assets. And it's also true of the need to think creatively and cynically about how to achieve a rapidly growing catalog of desired effects.
Basically, the Russian intelligence community produces knowledge through cyberespionage targeting the communication systems of government institutions or recruiting individuals to provide classified information on military matters or advanced technology. The aim is to reduce the level of uncertainty related to the future, thereby preparing decision-makers to respond or allow Russian industries to achieve breakthroughs by illegally copying the work of others.
But it is usually not so much the production of knowledge as the nature of the wider Russian intelligence organization and the activities it carries out that demands our attention. To counter it, we must understand the unconventional nature of both, which inevitably leads to confronting dilemmas related to our interests and the constitution of our free and open societies.
Smooth Intelligence Network
The Russian intelligence community is usually associated with its main organizations such as the Federal Security Service (FSB), the Military Intelligence Service (GU, formerly the GRU) and the Foreign Intelligence Service (SVR) — listed here in order of importance. However, the approach of the Russian intelligence community is very comprehensive, which means that it is much broader than institutional designations would otherwise suggest. The approach may actually be so comprehensive and the contours of Russian intelligence organizations so blurred as to make focusing on the core organizations extremely problematic. Within the broader intelligence community, there are indeed centers of gravity exercising both formal and real leadership and setting guidelines with little or no consultation and outside involvement, but it is instructive to view them as a seamless network of actors. All these actors, located at the levels of organizations and individuals, are employed in support of the common goals identified in the Kremlin.
Rossotrudnichestvo sets an example at the level of organizations. Self-described as an agency with a mission to "strengthen Russia's humanitarian influence in the world,", its internationally deployed staff act both as organizers of literary readings and piano concerts, as well as recruiters and agents of influence. "Never let an intelligence opportunity go to waste" seems to be the unspoken motto behind the overarching thinking that has led Rossotrudnichestvo officials to reach out to attendees when organizing events at the local House of Russia and to students when visiting universities. In 2022, the European Union put Rossotrudnichestvo on the sanctions list for doing just that — intelligence work under the much more innocuous guise of cultural promotion. It operates under the direction and in close liaison with intelligence officers posing as diplomatic staff at local Russian embassies.
The individual level is represented by Russian citizens, current or former, living in the West. Extremely controversial, the issue is very real and needs to be addressed. One must understand how problematic it is to create such a large and diverse group as a monolith, and that the vast majority of these Russian citizens are in no way nodes in a seamless intelligence network. However, many Western countries have had recent experience with espionage carried out by Russian nationals residing there on a (semi-)permanent basis, on behalf of the main Russian intelligence agencies.
An individual's rationale for engaging in such illegal activities will vary and will be somewhere along a continuum ranging from purely ideological to purely material. Most of the known cases remain somewhat shrouded in mystery, making it difficult to assess what really happened. To illustrate, in 2020 the Danish Security Service (PET) arrested a Russian citizen, Alexey Nikiforov, living and working in Denmark. He was later convicted of espionage, sentenced to prison and deported. Nikiforov was acting under the direction of an intelligence officer and officer in charge at the Russian Embassy in Copenhagen. It was to this person that Nikiforov passed sensitive information from the company Green Tech, which offered him a position after his doctoral studies at the Technical University of Denmark. Nikiforov was paid cash by his supervisor for his efforts, but he was also active in the Russian House, playing the balalaika in a small orchestra with other Russians and interacting with openly pro-Kremlin figures in the Russian émigré community in Denmark. It is not known to what extent he was driven by ideology and/or by material interests.
Material interest includes avoiding harm to self or loved ones. One of the most remarkable aspects of the community of Russian citizens living in the West is the almost complete absence in this community of any kind of resistance to the war in Ukraine. This silence is in stark contrast to the vociferous condemnation of the war - a genocidal war of aggression filled with atrocities - often expressed by the surrounding society as a whole and by other sub-segments within that society. The community of Russian citizens living in the West generally remains passive. This fact is undoubtedly explained in part by approval of the war (including its character) and in part by fear of the consequences of expressing opposition to the war (for oneself or for relatives in Russia). Both are causes for concern from a counterintelligence perspective, as they can relatively easily lead to increased recruitment, either on a voluntary basis or through the use of threats. The continued radicalization of the Putin regime suggests that the authorities will be willing to go even further to coerce Russian citizens living in the West to support the interests of Russian intelligence.
Three areas
This broader Russian intelligence community carries out activities in three domains: physical, cyber and cognitive. Starting with the latter, (dis)information operations against Western societies have become routine and are carried out on a large scale every day. All three major agencies are involved, but so are the supposed "independent" organizations and individuals. It is an aggressive form of manipulation aimed at different target groups. This is nothing new - Soviet intelligence also tried to manipulate public opinion in the West. Yet the scale, speed and, potentially, level of penetration and impact have changed dramatically. Russian officials are now brazenly announcing that Russia is meddling in elections in Western countries.
Next is the cyber domain, where all three main agencies are active again. Their activities range from cyber espionage to highly disruptive cyber operations designed to create data chaos and system crashes. Russian cyber actors are routinely subpoenaed by Western authorities — while individuals are placed on sanctions lists and charged — but their cyber activities continue unabated. The West has largely failed to deter Russian agencies that take full advantage of the attribution problem and outsource operations so that they are said to be unrelated to the Russian state.
And finally, the physical onlast. The threat is well known — as it explains why we've been guarding the perimeters of certain facilities for decades — but it's taken on a new urgency. From railway cables to antennas and pipelines on the seabed, the list of critical infrastructure is almost endless in light of rising tensions between Russia and the West, as well as Russia's interest in causing disruption. The new urgency stems from the fact that the cyber domain — relatively new and rapidly growing — there is also a physical component. In April 2024, German authorities arrested two Russian-German men who they reportedly identified, in coordination with a Russian intelligence officer, as targeting military and industrial sabotage. Our focus on the cognitive and cybernetic domains has probably led us to neglect to some extent the physical domain, where disruption can be achieved at relatively low cost and a catalog of Russian intelligence targets is easy to compile.
Dilemmas
Development is fraught with dilemmas that threaten to escalate, of which I will mention only three. The first and very immediate dilemma is related to the expulsion of Russian spies masquerading as diplomatic officials. According to a conservative estimate, two-thirds of Russian embassy staff in Western countries are members of the Russian intelligence community. Given the overarching mindset within the Russian system, all diplomatic personnel working outside the gates of embassy compounds may actually be conducting intelligence activities. The cost of their expulsion is being felt in Western diplomatic missions in Russia. These countries wish to maintain a presence there - at least so they can support their own citizens. The relatively uncompromising expulsion of Russian intelligence from the West following Russia's full-scale invasion of Ukraine in 2022 has seen many Western embassies in Moscow cut their work to a minimum as staff are forced out. This clearly harms their interests.
The second dilemma is related to Russian citizens living in Western countries. China's 2017 Intelligence Law is known to require its citizens to support their country's intelligence efforts, a provision that has raised concerns about "everyday espionage" by Chinese nationals both inside China and abroad . The Russian authorities have not (yet) passed such a law, but there is good reason to believe that they are getting pretty close to it. The continued radicalization of the regime - with its aggressive talk of "patriots" and "traitors" - would easily lead to a situation where Russian citizens in the West would find themselves under pressure from authorities to support state intelligence efforts. This is likely to encourage Western governments to introduce stricter vetting of Russian citizens before allowing them into critical sectors such as academia or industry.
The final dilemma concerns prioritization. Given the scope and nature of Russian intelligence in all three areas, what should we prioritize? We are well beyond intelligence as the kind of knowledge produced by traditional spies in our relationship with the wider Russian intelligence community. A key word for a very diverse range of intelligence activities is "destroy" - in the cognitive, cyber and physical domains. And it's done by a very diverse set of actors in a seamless network. This is a huge challenge that will require dedicated work and careful prioritization by Western counterintelligence as the current conflict between Russia and the West continues.