Today's Deep Dive is 1,407 words and a 9-minute read.
Since Russia's invasion of Ukraine in 2022, the geopolitical landscape has shifted dramatically. Among the most prominent consequences has been the sanctions imposed by Western countries against Moscow targeting its economy, key individuals, and businesses. Moscow has vowed to retaliate, rolling out counter-sanctions in March 2022 on Western government officials and companies that oppose its military actions in Ukraine, which have since expanded to include significant figures and organizations, corporate executives, and activists.
These organizations and individuals, representing governments that have opposed Russia's military actions, may find themselves at risk not only from Russia's formal sanction regime but also from Russian President Vladimir Putin's established record of targeting perceived opponents abroad. This escalating tension underscores a growing security risk for Western officials, corporate executives, politicians, and activists, as well as operational risks for organizations targeted by Moscow's sabotage campaigns.
Moscow Aims for Massive Retaliation Against the West Over Ukraine Sanctions
Russia's response to Western sanctions following its invasion of Ukraine indicates a key shift in how it views the future trajectory of its relationships with the US and Europe. While relations between the Russia and the West have been going downhill since the mid-2000s, in recent years Moscow has signaled its readiness for long-term diplomatic and economic tensions. This progression of Russia's diplomatic strategy has been exemplified by Moscow's repeated threats to use nuclear weapons in the Ukraine conflict and public efforts to strengthen military cooperation with US adversaries such as Iran and North Korea.
Simultaneously, Russian officials have outlined a strategy for a long-term, low-level sabotage campaign against Western countries supporting Ukraine that operates in an asynchronous and multifaceted manner. In June 2023, Dmitry Medvedev, Russia's former president and current deputy chairman of the Security Council, explicitly called for Russians to disrupt Western economies, infrastructures, and social stability as retribution for Ukraine sanctions. This strategy is not limited to state actions but involves private actors and criminal networks.
The influence of these actions has already been felt. Russian-linked operatives have been implicated in multiple security incidents across Europe, including an arson attack on Ukrainian-linked business in London, cyberattacks that disrupted railway networks in NATO's eastern member states, and GPS jamming across the Baltic region. While some incidents, such as fires at German and British defense-related facilities, remain unproven acts of sabotage, their suspicious timing fits the pattern of Russia's escalated efforts to intimidate the West.
Despite the relatively limited impact of these attacks on Western supply chains and defense capabilities thus far, they mark a clear escalation in Russia's hybrid warfare. Moscow aims to raise the cost of Western support for Ukraine while avoiding a direct military confrontation that could trigger NATO's collective defense mechanism. As these operations intensify, Western governments and business will confront the need to adapt to the evolving risks posed by Russian aggression, which encompasses both cyber and physical security threats.
Russian Sabotage Efforts Are Becoming More Sophisticated
Russia's hybrid warfare has evolved into a more sophisticated and coordinated effort, aided by advances in cyber espionage techniques. Over the past year, Russian-backed advanced persistent threat (ATP) groups have targeted critical infrastructure and logistics networks in the US and Europe, and phishing attacks in particular have become more sophisticated in both social engineering strategies and technical aspects, with the goal of disrupting operations and/or damaging data integrity.
While Moscow's sabotage campaign has grown in sophistication, it has also demonstrated persistency, particularly in targeting organizations and individuals directly involved with militarily assisting Ukraine. In September 2024, Polish security services uncovered a sabotage operation linked to Russia and Belarus that sought to gather intelligence on military shipments to Ukraine and destabilize Poland. Russian operatives have also been linked to failed attempts to sabotage US military bases in Germany, as well as disruptions in European transportation networks, which are crucial for military logistics.
These hybrid attacks, occasionally carried out by proxies such as criminal networks or diaspora groups, allow Moscow to maintain deniability while inflicting damage on Western interests. Adding to the headwinds are Russia's disinformation efforts, which have greatly expanded in scope and sophistication since its invasion of Ukraine. Advances in generative artificial intelligence (AI) have enabled Moscow to streamline and refine its sabotage operations, evidenced by the US Department of Justice's disruption in July of a Russian AI-enabled social media bot farm that utilizes the technology to spread lies with greater precision, efficiency, and conviction.
With Moscow's preference for a low-level, prolonged sabotage campaign against the West, it is becoming more difficult for Western nations to respond effectively, as hybrid operations fall below the threshold for a conventional military response. Although many of these sabotage efforts have been thwarted or caused limited disruption, they reflect an ongoing campaign to intimidate Western nations and complicate their ability to support Ukraine. The growing sophistication of these attacks indicates that Russia is committed to continuing its hybrid warfare campaign, focusing on creating uncertainty and eroding the West's collective resolve.
Risks to Western Organizations and Individuals Sanctioned by Russia Are Accumulating
As Western sanctions against Russia intensified following the invasion of Ukraine, Moscow has expanded its own sanctions regime to encompass a broad range of organizations and individuals from the US, Europe, and Canada, as well as Japan and Singapore. While some of these counter-sanctions are symbolic – such as the 2022 Russian travel bans on US President Joe Biden and other senior officials – other measures may carry more serious implications for those directly targeted by the Kremlin. Lists of individuals and entities designated as unfriendly to Russian can become targeting lists for Russian direct action.
Under Putin's leadership, the Kremlin has demonstrated its willingness to attack dissidents abroad, shown by the 2006 poisoning of Alexander Litvinenko in London and 2018 attempted assassination of Sergei Skripal and his daughter in Salisbury. Yet, Moscow's reach does not stop with its domestic critics. Individuals critical of Russia or involved in implementing sanctions increasingly face personal threats.
In 2021, a former US ambassador to Ukraine experienced symptoms consistent with poisoning, believed to be linked to Russian intelligence. Meanwhile, US intelligence earlier this year uncovered a Russian plot to assassinate Armin Papperger, CEO of German arms manufacturer Rheinmetall, which supplies Ukraine with artillery shells and military vehicles. Though the plan was foiled by German security services after a US warning, it represents a broader Russian campaign to directly sabotage Western defense industry executives supporting Ukraine.
Beyond the personal safety of individuals designated by the Kremlin, sanctioned businesses and institutions and those associated with sanctioned individuals are also at risk. Russia's retaliatory actions extend beyond direct cyber and physical threats, with Russian disinformation campaigns often targeting Western businesses and institutions, aiming to damage their credibility and standing within their industries. This can create additional challenges for companies operating in markets where Russian influence is significant or where pro-Russian sentiment exists.
Mitigating the Risks
As Russia expands its toolkit of hybrid warfare strategies, Western organizations and individuals can seek ways to adapt to the growing risks. These include adopting stronger cybersecurity measures, enhancing physical security, and hedging against reputational risks posed by state-sponsored disinformation campaigns. The escalating nature of these threats underscores the need for a proactive, comprehensive approach to manage the complex and accumulating risks posed by Russia's ongoing retaliatory actions.
Targeted individuals, such as Western corporate executives sanctioned by Moscow for supporting Ukraine, can also take steps to minimize personal exposure to threats. These include actions such as limiting public information in advance on travel plans, avoiding unnecessary travel to regions where Russian influence is strong or where Moscow's intelligence services have a well-established presence.
When traveling in higher risk jurisdictions, individuals should leave personal devices at home and use loaners with clean contact lists and files. Using a virtual private network (VPN) when accessing the internet while traveling will add an extra layer of protection against potential cyber-sabotage efforts. Individuals should provide their itineraries to a colleague or family member at home, with contact information, as a contingency. Registering with the embassy or consulate at your destination opens a communications channel in case of an emergency.
The danger posed by Russia's sanctions extends beyond mere political posturing. As Moscow grows more isolated and aggressive, the potential for sanctioned Western organizations and individuals to become targets of Russia's extraterritorial repression is real and growing. By understanding the magnitude of the threat and taking appropriate steps to mitigate it, Western organizations and individuals can protect themselves from the long arm of Moscow's security apparatus.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.