May 30, 2024

Russian Intelligence and Western Counterintelligence

A poster depicting six wanted GRU officers who were indicted by the US Department of Justice in October 2020 for repeatedly hacking and spreading malware on behalf of Russia to attack the country's infrastructure and the organization of elections.

The recent surge in cases across the west relating to Russian intelligence activities is a bitter reminder — lest anyone should think otherwise — that the Russian intelligence community remains highly active, the country’s challenges in Ukraine notwithstanding.

“It is a disaster”, says Bruno Kahl, Head of the German Intelligence Service (BND), about one of these cases, where a much-trusted BND officer now stands accused of having handed information to the Russians.

The conflict between Russia and the west, gaining in intensity after Russia’s aggression against Ukraine in 2014 and even more so after Russia’s full-scale invasion in 2022, has only increased the Russian demand for everything intelligence. The appetite in Moscow for insights into the political thinking and decision-making in the west as this relates, for instance, to sanctions against Russia and military support for Ukraine, is now much greater than before 2014. The same is true for the need to mobilise and recruit various assets. And it is also true for the need to think creatively and cynically about how to achieve a rapidly increasing catalogue of desired effects.

The term “intelligence” is traditionally viewed as a type of knowledge, organisation, and activity. At its core, the Russian intelligence community produces knowledge, through cyber espionage targeting the communications systems of state institutions or the recruitment of individuals to supply classified information on military affairs or advanced technologies. The purpose is to reduce the level of uncertainty relating to the future, thereby preparing decision-makers to respond or to allow Russian industries to achieve breakthroughs by illegally copying the work of others.

However, it is usually not so much the knowledge production as the character of the wider Russian intelligence organisation and the activities pursued by it that demand our attention. To counteract, we need to understand the unconventional nature of both, which inevitably entails confronting dilemmas relating to our interests and the set-up of our free and open societies.

A Seamless Intelligence Web

The Russian intelligence community is usually associated with its main organisations such as the Federal Security Service (FSB), the Military Intelligence Service (GU, previously the GRU), and the Foreign Intelligence Service (SVR) — listed here in order of importance. However, the approach of the Russian intelligence community is very comprehensive, meaning that it is much wider than institutional designations and organigrams would otherwise suggest. The approach may, in fact, be so comprehensive and the contours of the Russian intelligence organisations, therefore, so blurred as to make it highly problematic to focus too one-sidedly on the main organisations. Centres of gravity do exist within the wider intelligence community, exercising both formal and real leadership and setting directions with little or no consultation and external involvement, but it is instructive to view it as a seamless web of actors. These actors, found at the levels of both organisations and individuals, are all employed in support of the overall goals identified in the Kremlin.

Rossotrudnichestvo provides an example at the level of organisations. Self-defined as an agency with the mission “to strengthen Russia’s humanitarian influence in the world,” its internationally deployed staff act simultaneously as organisers of literature readings and piano concerts and recruiters and influence agents. “Never let an intelligence opportunity go to waste” seems to be the undeclared motto behind the comprehensive thinking, which has led Rossotrudnichestvo staff to reach out to attendees, when hosting events at a local Russia House, and to students, when visiting universities. The European Union in 2022 placed Rossotrudnichestvo on the sanctions list for doing exactly that — intelligence work under the much more innocuous cover of promoting culture. It operates under the instruction of and in close liaison with intelligence officers posing as diplomatic staff at the local Russian embassies.

The level of individuals is represented by Russian citizens, current or former, living in the west. Hugely controversial, the issue is very real and needs to be addressed. One should understand just how problematic it is to cast such a large and diverse group as a monolith and that the overwhelming majority of these Russian citizens do not in any way represent nodes in a seamless intelligence web. However, many western states have had recent experiences of espionage conducted by Russian citizens, residing there on a (semi-) permanent basis, on behalf of the main Russian intelligence organisations.

An individual’s rationale for engaging in such illegal activities will vary, and it will be somewhere on a continuum ranging from the purely ideological to the purely material. Most of the cases known remain somewhat shrouded in mystery, making it difficult to assess what has really happened. To illustrate, in 2020, the Danish Security Service (PET) arrested a Russian citizen, Alexey Nikiforov, living and working in Denmark. He was later convicted of espionage, sentenced to a prison term, and deported. Nikiforov operated under the instructions of an intelligence officer and handler at the Russian embassy in Copenhagen. It was to this individual that Nikiforov handed over sensitive information from the Green Tech company, which had offered him a position after his doctoral studies at the Technical University of Denmark. For his efforts, Nikiforov was paid in cash by his handler, but he was also active at the Russia House, playing the balalaika in a small band with other Russians, and socialised with openly pro-Kremlin individuals in the Russian expat community in Denmark. It is unknown to which extent he was driven by ideology and/or by material interests.

A material interest includes avoiding harm, to oneself or to close ones. One of the most remarkable aspects of the community of Russian citizens living in the west is the near-total absence within this community of any kind of opposition to the war in Ukraine. This silence stands in stark contrast to the loud condemnation of the war — a genocidal war of aggression filled with atrocities — often expressed by the surrounding society as a whole and by other sub-segments across this society. The community of Russian citizens living in the west has generally remained passive. This fact, undoubtedly, is explained partly by the approval of the war (including its nature) and partly by fear of the consequences of expressing opposition to the war (for oneself or relatives in Russia). Both are reasons for concern from a counter-intelligence perspective as they may relatively easily lead to increased recruitment, either on a voluntary basis or through the use of threats. The continued radicalisation of the Putinist regime suggests that the authorities will be willing to go even further to force Russian citizens living in the west to support Russian intelligence interests.

Pigeons walking in front of the Russian Foreign Ministry in April 2024. EPA/Scanpix

Three Domains

This wider Russian intelligence community conducts activities across three domains: physical, cyber, and cognitive. Starting with the last, (dis-) information operations against western societies have become routine and are executed on a large scale every single day. All three main agencies engage in this, but so do supposedly “independent” organisations and individuals. It is an aggressive form of manipulation directed at various target populations. This is not new — Soviet intelligence also tried to manipulate public opinion in the west. Yet, the scale, speed, and, potentially, the level of penetration and effect have changed dramatically. Russian officials now brazenly announce that Russia interferes in elections in western states.

Next is the cyber domain where, again, all three main agencies are active. Their activities range from cyber espionage to highly destructive cyber operations designed to create data havoc and systems breakdowns. Russian cyber actors are routinely called out by western authorities — while individuals are put on sanctions lists and indicted — but their cyber activities continue unabated. The west has largely failed to deter the Russian agencies, which take full advantage of the attribution problem and outsource operations so that they are said to be unconnected to the Russian state.

Finally, the physical domain. The threat is well known — as it explains why we have been guarding the perimeters of certain facilities for decades — but has gained a new urgency. From railway cables to antennas and seabed pipelines, the list of critical infrastructure is almost endless in light of the increase in tensions between Russia and the west, as well as the Russian interest in causing disruptions. The new urgency stems from the fact that the cyber domain — a relatively new and rapidly growing one — also has a physical component. In April 2024, the German authorities arrested two Russian-German men, who had reportedly identified, in coordination with a Russian intelligence officer, military and industrial targets for sabotage. Our focus on the cognitive and cyber domains has probably led us to neglect, to some extent, the physical domain, where disruptions may be achieved at a relatively low cost and a catalogue of Russian intelligence’s targets is easy to compile.


The development is fraught with dilemmas, which threaten to become more acute and of which I will just mention three. The first and very immediate dilemma relates to the expulsion of Russian spies disguised as diplomatic staff. A conservative estimate would hold that two-thirds of Russian embassy staff in western states are members of the Russian intelligence community. Given the comprehensive thinking within the Russian system, all diplomatic staff operating outside the gates of the embassy compounds may, in fact, be performing intelligence activities. The costs of their expulsion are felt at the western diplomatic missions in Russia. These states wish to maintain a presence there — at least to be able to support their own citizens. The relatively uncompromising expulsion of Russian intelligence staff from the west, following Russia’s full-scale invasion of Ukraine in 2022, has led many western embassies in Moscow to reduce their work to a bare minimum as personnel have been forced to leave. This obviously harms their interests.

The second dilemma relates to the Russian citizens living in western states. The 2017 Intelligence Law of China famously required its citizens to support their country’s intelligence efforts — a stipulation that raised concerns about “everyday espionage” conducted by Chinese citizens both in China and abroad. The Russian authorities have not (yet) passed a similar law, but there is good reason to believe that they have moved quite close to it. The continued radicalisation of the regime — with its aggressive talk of “patriots” and “traitors” — will easily lead to a situation where Russian citizens in the west will find themselves under pressure from the authorities to support the state’s intelligence efforts. This is likely to encourage western governments to introduce a more scrupulous vetting of Russian nationals before allowing them into critical sectors in, for instance, academia or industry.

The final dilemma concerns prioritisation. What to prioritise given the scope and nature of Russian intelligence activities across the three domains? We are far beyond intelligence as a type of knowledge, produced by traditional spies, in our dealings with the wider Russian intelligence community. A keyword for a very diverse range of intelligence activities is “destruction” — in the cognitive, cyber, and physical domains. And it is carried out by a very diverse range of actors in a seamless web. It is a monumental challenge, which will require dedicated work and careful prioritisation on the part of western counterintelligence as long as the current conflict between Russia and the west continues.

This article was written for the Lennart Meri Conference special issue of ICDS Diplomaatia magazine. Views expressed in ICDS publications are those of the author(s).
