In parallel with the continuation of the military intervention in Ukraine, Russia has intensified its non-military aggression in western countries, using the entire spectrum of covert actions: from supporting political proxies and propaganda, to the formation of paramilitary organisations and conducting sabotage actions against critical infrastructure. The scale of such non-military operations and their rising violence rate point to the Kremlin’s secret war against the west.
The intermediate goal of this campaign is the weakening or complete disintegration of the collective security mechanisms of NATO and the EU. Its ultimate goal, however, is to elevate the Kremlin’s puppets to power in western countries, either by winning elections or staging coups, or a combination of both. This, in turn, should allow Russia to restore its military presence in Europe, lost in 1991, or even exceed it.
In order to wage this covert war, Russian special services have been building up the existing units and assembling new ones. The Main Directorate of the General Staff of the Russian Armed Forces (GRU) formed a Special Activities Service on the basis of Unit 29155, charged with pursuing violent regime change abroad. Its head, Gen Andrei Averyanov, has been promoted to deputy head of the GRU and holds regular meetings with President Vladimir Putin. A special centre was established for sabotage operations against critical infrastructure in the west. It is led by Gen Vladimir Alekseev, another deputy head of the GRU responsible for all Russian Spetsnaz units, the total number of which exceeds 20 000.
It is highly likely that the current operations are intended to test the methods and train the personnel and their recruited assets. Eventually, the real mass of such sabotage actions is planned to disable military and civilian logistics, communications, and the system of state administration at the time when the Russian troops invade a NATO member state’s territory. Similar operations are also carried out by the relevant units within the Federal Security Service (FSB), foreign intelligence service (SVR), and other government agencies, as well as ostensibly ‘non-governmental organisations’ that are, in fact, controlled by the state.
Unconventional Means to a Conventional End
To a large extent, what Russia is using against the west today, it tried against Ukraine before the start of covert military aggression in Crimea and the Donbas in 2014, and the full-scale invasion in 2022. The Ukrainian experience should, therefore, be carefully studied.
To this end, it is critically important to understand that between 2001 and 2013, Russia had already been waging an unconventional war against Ukraine. Devoid of any military action, it allowed Moscow to impose a puppet regime in Kyiv. Ukraine’s leadership of that era comprised not only Moscow’s agents—currently in Russia and participating in its military aggression against Ukraine, such as former Prime Minister Mykola Azarov, Secretary of the National Security and Defence Council Andriy Klyuyev, Deputy Prime Minister Volodymyr Sivkovych, and Minister of Internal Affairs Vitaly Zakharchenko—but also career officers of Russian special services, who did not even hide whom they used to work for. The latter includes Head of the Security Service Oleksandr Yakimenko, Defence Minister Dmytro Salamatin, and Head of the Presidential Security Service Vyacheslav Zanievsky.
It is worth noting that unconventional warfare allowed Russia to subjugate the whole of Ukraine, whereas conventional military aggression—in 2014 and since 2022—enabled it to seize only 20% of Ukraine’s territory. Despite a tight political grip, the Kremlin still resented Ukraine’s very existence as an independent state within its internationally recognised borders. Moscow thus actively sought to destabilise and divide the country, assisted by political figures like Viktor Medvedchuk, a Ukrainian billionaire, former speaker of the Ukrainian parliament, head of the presidential administration, and a close friend of Vladimir Putin. In 2010-13, Medvedchuk advocated federalising Ukraine and holding referendums on secession.
It is significant that, absent the legal means, it was precisely through the so-called “referendums” that Russia “incorporated” the occupied regions of Ukraine into its territory in 2014 and 2022. This indicates that even when successfully installed into power, political proxies are viewed only as an intermediate stage of a hybrid war, which should then simplify the Russian military presence. It debilitates any democratic processes that would otherwise allow the local population to overthrow the regime, as Ukrainians did in 2014 with the Revolution of Dignity.
The partitioning of Ukraine has always been Russia’s long-term strategy, not an emotional response to Kyiv’s changing foreign policy vector, as evidenced by Moscow’s prior attempts to carve up the country. Russia first attempted to divide Ukraine in 2004, when, with the direct support from the Kremlin, then-presidential candidate Viktor Yanukovych and his supporters proclaimed the creation of the South-Eastern Ukrainian Autonomous Republic. It was aimed to cut Ukraine in half and proclaim a separate state with the capital in Kharkiv.
Ironically, while Russia justifies its aggression against Ukraine by an alleged “self-defence from a Nazis regime,” Putin borrows the idea of holding referendums in occupied territories to legalise their seizure from Hitler. In March 1938, German troops entered Austria and immediately began repressions against the local population, having arrested over 70 000 in the first days of the invasion. In April 1938, an “Anschluss referendum” was held, with over 99% approval vote, according to the Nazi administration.
The lack of reaction from the League of Nations and, especially, from the western countries whose leaders were hoping to appease Hitler predictably led to a series of such “peaceful occupations.” The following year, Germany seized the Sudetenland in former Czechoslovakia and actively employed local political proxies. German military commander Wilhelm Keitel believed that the Reich had not yet been ready to wage a war against France and Britain. In his estimation, if confronted with their tough opposition, Germany would have been forced to abandon its plans in Czechoslovakia.
A False Sense of Security
While trying to limit Russia’s ability to carry out subversive activities on their soil, western governments have long mistakenly believed that they could achieve this by reducing the number of Russian intelligence officers under cover as embassy staff. Mass expulsions of diplomats began in 2018 after Russian defence intelligence operatives had used chemical weapons in the city of Salisbury, the UK. The next major wave was a response to Russia’s military aggression against Ukraine in 2022.
After that, government officials and even representatives of the NATO intelligence community made premature and unfounded assessments. They reassured themselves that the Russians had allegedly lost more than half of their spies and, as a result, were unable to continue operations at the previous level. However, in 2024, the tone changed significantly. In September 2024, at the first joint press conference in 77 years, the heads of the CIA and MI6 stated that the level of threat to world order had reached its highest since the end of the Cold War. In this context, a large-scale Russian sabotage campaign against the west was emphasised.
There are several reasons why the expulsion of Russian diplomats did not affect Moscow’s ability to conduct intelligence and subversive operations abroad. First, the expelled individuals’ biographical records—post and prior to their exposure—indicate that only a handful had professional ties to the intelligence services. Given that the lion’s share of Russian diplomats has these connections, such a low percentage among the expelled appears extremely strange. Even if the persona non grata lists had been compiled on the principle of random selection, the number of Russian intelligence officers should have been significantly higher. This suggests that at least some countries, which wanted to demonstrate their solidarity with the campaign, also did not want to aggravate their relations with the Russian Federation. Some might have offered Moscow to pre-select the diplomats to be sent home, which would explain this discrepancy.
Secondly, diplomatic cover for intelligence and, even more so, subversive operations has never been the most desirable option. In the Soviet period, assigning diplomats to such tasks was rather a forced necessity, as only a small part of Soviet citizens could travel abroad and, especially, to NATO countries. However, even then, preference was given to “illegal intelligence,” i.e., agents operating without an official cover and, in most cases, even without an affiliation to the Warsaw Bloc. In today’s open world, millions of Russians can legally visit, reside in, and even become citizens of foreign states. Hence, charging diplomatic staffers—who at least occasionally may be of interest to local counterintelligence services—with operations that first come to an amateur’s mind, such as surveillance of military facilities or sabotage against critical infrastructure, is impractical.
Besides diplomatic immunity, intelligence officers embedded with the embassies have an opportunity to regularly interact with local politicians, government officials, public figures, businessmen, and their diplomatic counterparts. They are, therefore, mainly focused on the recruitment of assets to be utilised for espionage and influence measures against the respective societies and governments. Meanwhile, the “illegals” are preferred for other missions, such as surveillance, sabotage, and assassinations, instead of the diplomats. Recent arrest cases include groups of Germans of Russian origin in Bavaria (2024) and Bulgarians led by Austrian Jan Marsalek, an Austrian, in the UK (2023), as well as Spanish journalist Pablo Gonzalez, an employee of Russian defence intelligence, whose real name is Pavel Rubtsov, in Poland (2022).
The emergence of the Internet and the spread of social media networks have created unique opportunities for intelligence operations that were difficult to imagine before. Remote recruitment via Telegram, Facebook, Instagram, and other messengers has skyrocketed, with minors being targeted more frequently. Although such recruits are initially tasked with small sabotage actions, they can be cultivated to be entrusted with more complex operations. The advantages are many: a recruiter operates from the safety of their own home country; processes hundreds, if not thousands, of prospective agents simultaneously; and employs digital tools for candidate selection, automated communication, and translation services. Most importantly, however, they can avoid revealing ties to Russia by hiding behind any national flag. This is especially important for recruiting individuals who, despite their disposition to commit illegal actions, would never act on it, knowing that the Russian special services are the ones pulling the strings.
Scaling Up Best Practices
Although nearing unprecedented proportions, Russian intelligence and subversive activities in the west will continue to grow in scale. Given the covert nature of hybrid warfare, the primary task of countering it is to expose the plans, intentions, and operations of Russian special services, as well as to identify individuals and the tools employed. The intelligence agencies of NATO member states and partner countries should undoubtedly play the leading role due to their acquired understanding of Russia’s methods and means, as well as their own institutional resources.
The intelligence community should not be left alone to fight this war. The number of Russian intelligence assets in the west significantly exceeds the number of staffers assigned to “Russia desks”—and possibly even the total number of employees at intelligence and counterintelligence agencies in the targeted countries. Designed to prevent abuse and protect citizens’ rights, the legal systems in democratic countries limit the security services’ ability to collect information, let alone to do so with special methods. Absent a martial law or a similar emergency status, such restrictions remain in force during hybrid aggression.
This problem can be solved by adopting a whole-of-government and whole-of-society approach in the early detection of hostile operations. Civil society actors, non-governmental organisations and foundations, think tanks, media, and other private actors are not subject to the same rigid rules that apply to state agencies. By equipping them with specialised training and knowledge, educating them on Russian methods and techniques, and teaching them OSINT skills, they can strengthen the intelligence community’s capacity to detect covert operations, therefore enabling the security services to focus on non-publicly available means of intelligence gathering.
This practice of combining forces has been actively used in Ukraine since 2022. Through streamlined coordination, it was possible to expose a significant number of enemy operations, representing almost the entire spectrum: from smuggling of critical imports and industrial espionage to recruiting mercenaries and attempts to stage coups. Due to the timely detection, many covert operations have been successfully prevented. In order to formalise and institutionalise this approach, the Secretary of the National Security and Defence Council of Ukraine in 2025 created a special interagency platform—known as the OSINT Task Force.
Undoubtedly, the Ukrainian experience, acquired at a high cost, should be taken as a basis for building both national and international systems for countering Russian hybrid aggression. The only effective response to a totalitarian attack is total defence.
This article was written for the Lennart Meri Conference special issue of ICDS Diplomaatia magazine. Views expressed in ICDS publications are those of the author(s).