Striking Back: A Unified Strategy to Degrade Putin’s Hybrid Threats
Amid the Russian army's setbacks, including the humiliation at Kursk, the Kremlin is intensifying its shadow war of sabotage, disinformation, and cyberattacks to weaken Western resolve.
“War is a continuation of politics by other means.” Carl Clausewitz
I. Introduction
In pursuit of Primakov's vision of a “multipolar” world order, Russia has adapted Soviet active measures, “Aktivnye Meropriyatiya,” into its hybrid warfare strategy, aiming to reassert itself as a global power and undermine the US-led international order. These subversive tactics, reminiscent of Soviet-era KGB operations, blends conventional military power with cyber operations, disinformation, subversion, sabotage and economic coercion, all while maintaining plausible deniability.
The Western response, however, has been notably timid, often marked by appeasement and reactive measures, reflecting a significant lapse in strategic leadership and foresight. This failure is evident in Russia’s military intervention in Syria and its unprovoked invasion of Ukraine. Moreover, despite economic sanctions and diplomatic isolation, the West has yet to successfully deter Russia. This has emboldened Putin's Tsarist-like imperial ambitions and his drive to restore Moscow’s dominance over post-Soviet neighboring countries, or “near abroad.”
II. Domino Effect: Current Geopolitical Impact
As Putin aggressively pursues his ambitions, the impact steadily undermines the rules-based international system. This shift has emboldened authoritarian regimes like China to escalate its territorial claims over Taiwan and the South China Sea. Similarly, rogue states like North Korea and Iran have intensified their destabilizing activities, targeting U.S. allies such as South Korea and Israel through nuclear blackmail and proxy wars. Autocratic leaders such as Maduro in Venezuela and Assad in Syria continue oppressing their people with political and military backing from Moscow. Non-state actors such as Hezbollah, Hamas, and the Houthis—collectively known as the "axis of resistance”– are ramping up their destabilizing activities, undermining regional stability and disrupting global trade. This geopolitical maneuvering has resulted in the formation of Russia-led strategic alignments and partnerships, such as the anti-Western "axis" comprising Russia, China, North Korea, and Iran, along with new geo-economic initiatives like the BRICS grain exchange, allowing Moscow to
III. Historical Context: From Soviet Tactics to Modern Adaptations
Putin's hybrid tactics mirrors Stalin’s active measures but is modernized for today's warfare
To understand Russia's destabilizing tactics, we must first examine their roots in Soviet-era tactics, now adapted and modernized for the current geopolitical landscape. Stalin’s active measures and Putin’s hybrid warfare highlight shared reliance on military power, psychological warfare, and political repression. Both leaders prioritize regime security over democratic principles and human rights. Stalin's show trials eliminated threats and created a climate of fear, solidifying his control through state-controlled media to propagate a cult of personality. Similarly, Putin manipulates Russia’s constitution, rigs elections and suppresses dissent through murder, poisoning and psychological warfare. By controlling the narrative, both instilled loyalty and suppressed dissent, seamlessly blending coercive tactics with psychological manipulation.
Putin's hybrid tactics mirrors Stalin’s active measures but is modernized for today's warfare. Both extensively use disinformation; Stalin's KGB spread disinformation (or dezinformatsiya) through media and covert operations like Operation InfeKtion, while the Kremlin employs cyber-enabled, AI-generated disinformation to reach global audiences. Politically, the KGB infiltrated peace movements and supported communist parties to destabilize Western democracies, akin to how Putin’s FSB cultivates ties with Eurosceptic far-left and far-right parties. Militarily, Stalin extended Soviet dominance over countries like the Baltic states, while Putin annexed Crimea in 2014 and invaded Ukraine in 2022.
Putin has also shifted Russian aggression from traditional espionage to sophisticated cyber warfare, effectively modernizing Soviet-era active measures. While Stalin’s KGB relied on conventional methods like Operation Trust, Putin's security services employ covert cyber operations, exemplified by the SolarWinds Hack. Influenced by the Russo-Georgian War and the Arab Spring, Putin has refocused his cyber doctrine to prioritize information security and enhance Russia’s cyber capabilities. This led to the establishment of RuNet, the "Russian Internet." This Russian firewall aims to strengthen control over the domestic digital landscape while facilitating cyberattacks abroad. Putin's use of technological advancements like AI has made these influence operations more pervasive and effective in destabilizing adversaries.
IV. Tactics of Russian Hybrid Warfare
These actives measures have evolved into a sophisticated hybrid warfare model, employing a range of tactics—from covert cyberattacks to economic coercion—to advance Russia's geostrategic interests.
Covert Operations
GRU Unit 29155, identified by Bellingcat, has been linked to various high-profile sabotage operations
The Kremlin employs its intelligence services, including the FSB, GRU, and SVR, to conduct covert operations such as poisonings, sabotage, and political interference. Notable operations include the 2016 GRU's involvement in a coup attempt to block Montenegro's NATO membership and the 2022 FSB-orchestrated protests in Moldova. GRU Unit 29155, identified by Bellingcat, has been linked to various high-profile sabotage operations, such as poisonings in Bulgaria, series of explosions at Czech and Bulgaria ammunition depots, the annexation of Crimea, attacks on Ukrainian Government digital infrastructures, and the assassination attempt on former Russian spy Sergei Skripal. Unit 29155 operatives have also been linked to the mysterious "Havana syndrome" that has affected U.S. personnel worldwide. These covert operations highlight the Kremlin's extensive use of clandestine tactics to achieve its geopolitical aims while maintaining plausible deniability.
Influence Operations
the GRU-linked Unit 54777, mirrors tactics of the Soviet Special Propaganda Directorate
The Kremlin skillfully blends covert, cyber-enabled disinformation with actions by government agencies, state-funded media, and social media influencers. The "Doppelgänger" network targets Ukraine, the US, and Germany with AI-generated content and fake news, while "Portal Kombat" focuses on Ukraine’s occupied territories, France, Germany, and Poland, aiming to undermine support for Ukraine. A key player, the GRU-linked Unit 54777, mirrors tactics of the Soviet Special Propaganda Directorate, manipulating public opinion to undermine support for Ukraine, exemplified by MH17 disinformation. Meanwhile, the SVR conducts its own information operations. For instance, "Project Kylo" uses AI to stoke anti-government sentiments and spread fear within Western societies. Russia's influence operations have also targeted global events, including interference in the 2016 Brexit referendum, the 2017 French presidential election (“Macron Leaks”), the 2021 German federal election, and the 2017 Catalan referendum. Similar tactics were used during the COVID-19 pandemic (2020-2022), with the aim of weakening and destabilizing Europe.
Cyber Warfare
Prominent threat actors in Russia's cyber warfare include GRU-linked Fancy Bear (APT28) and SVR-linked Cozy Bear (APT29).
Russia's cyber operations are integral to its hybrid warfare strategy and involve various threat actors, from state-controlled entities to independent cybercriminals. These operations range from disruptive attacks to sophisticated hack-and-leak campaigns, aiming to destabilize adversaries while providing plausible deniability for the Kremlin. Prominent threat actors in Russia's cyber warfare include GRU-linked Fancy Bear (APT28) and SVR-linked Cozy Bear (APT29). APT28 focuses on cyberattacks, notably attempting to disrupt OPCW investigations into the Skripal poisoning and the downing of Malaysia Airlines flight MH-17. It also orchestrated the 2017 NotPetya cyberattack and the 2016 hack-and-leak targeting the World Anti-Doping Agency (WADA). In contrast, APT29 specializes in cyber espionage and has been implicated in several major hacks over the past decade, including the 2020 SolarWinds hack, the 2016 Democratic National Committee hack-and-leak, and the 2020 attempts to hack into coronavirus vaccine research in the U.S., Britain, and Canada. Recently, APT29 has targeted political parties in Germany.
Weaponizing Orthodoxy
The ROC frames the invasion of Ukraine as "Holy Wars" against Western "Satanism.
Russia leverages societal divides by exploiting values, traditions, and religious beliefs to destabilize and exert control. The Russian Orthodox Church (ROC) and traditional values ecosystems serve both religious and operational purposes. The ROC frames the invasion of Ukraine as "Holy Wars" against Western "Satanism." Patriarch Kirill, a former KGB officer, asserts that Ukrainians and Russians are "one nation." These narratives aim to reassert Russia’s political and religious dominance over Ukraine. The ROC's extensive network promotes the concept of Russkiy Mir (Russian World) and disseminates Kremlin-approved disinformation, further complicating detection and countermeasures.
Economic Coercion
The Kremlin also leverages oligarch networks, such as U.S.-sanctioned Konstantin Malofeev's, to channel illicit funds
Russia's hybrid warfare strategy prominently features economic instruments, including energy dependency, nuclear diplomacy, and arms exports. State-controlled enterprises like Rosneft and Gazprom are used to undermine Europe's energy security. As Russia transitions to a full war economy, oil and gas exports to major buyers like China and India, along with sales through a shadow fleet, enable it to circumvent sanctions and fund Putin's war machine. This is facilitated by soaring commodity prices and continued access to SWIFT banking system. The Kremlin also leverages oligarch networks, such as U.S.-sanctioned Konstantin Malofeev's, to channel illicit funds and engage in money laundering, exploiting corruption and governance gaps. Nuclear diplomacy fosters dependencies and alliances, while arms exports extend Russia's global influence, securing political leverage and strategic footholds. This intertwining of business and geopolitics creates vulnerabilities, undermining long-term economic stability and posing significant risks to Western democracies.
Soft Power
Influential figures such as contemporary Eurasianist Aleksandr Dugin also play a significant role
Russia employs sophisticated soft power tactics to subtly influence and destabilize Western societies. These tactics include exploiting academia, Journalists, scientific and human rights organizations, elite capture and the infiltration of political parties. Russia's soft power network is extensive, encompassing state agencies like Rossotrudnichestvo, oligarch-funded foundations such as Konstantin Malofeev’s St. Vasily, and ultra-nationalist groups like the Russian Imperial Movement (RIM) and the biker gang Night Wolves dubbed “Putin’s Angels.” Influential figures such as contemporary Eurasianist Aleksandr Dugin also play a significant role. Together, these entities fund and promote “conservative values” and cultivate ties with far-right actors. This network subtly shifts political landscapes in favor of Russian interests by sowing discord within Western societies, legitimizing Russian aggression and undermining democratic institutions.
Lawfare
The Kremlin funds lobbying efforts and think tanks to shape policy decisions in favor of Russian interests
As a key component of its hybrid warfare, Russia weaponizes the law to undermine Western legal systems, stifle critics and suppress opposition. The Kremlin funds lobbying efforts and think tanks to shape policy decisions in favor of Russian interests. By targeting critics, Russia attempts to invalidate court decisions and roll back sanctions. These tactics include filing lawsuits to intimidate and financially drain critics, as evidenced by lawsuits against the BBC and Eliot Higgins of the investigative website Bellingcat. The Kremlin's strategic use of legal mechanisms extends to aggressive litigation often aimed at silencing dissent. This manipulation erodes trust in judicial institutions, making lawfare a potent tool in Russia's hybrid warfare arsenal.
V. Case Studies: Operational Application of Russia’s Hybrid tactics
Russia’s hybrid threats are not merely theoretical; they have been actively deployed across various regions, manifesting in real-world scenarios designed to undermine the post-Cold War order.
Undermining Western Democracies
GRU operatives lead this campaign by utilizing local criminal networks to recruit agents for sabotage missions
To undermine Western support for Ukraine, Putin has revived Stalin-era sabotage tactics across Europe, complemented by disinformation campaigns. According to the Dossier Center’s recent revelation, GRU operatives lead this campaign by utilizing local criminal networks to recruit agents for sabotage missions to slow arms supply to Ukraine, ensuring plausible deniability:
In response to France’s increased support for Ukraine, Russia has intensified its malign activities, including disrupting the Olympic Games, defacing the Holocaust memorial, and using disinformation to tarnish France’s image and sow social discord.
In the United States, Russia has launched online campaigns targeting the 2024 presidential election using fake accounts, phony news websites (e.g., D.C. Weekly), deepfake video, and AI-generated disinformation from bot farm to erode trust in democratic processes and the U.S.-European alliance.
In Germany, U.S. intelligence foiled a Russian plot to assassinate Armin Papperger, CEO of Rheinmetall, a major producer of artillery shells for Ukraine.
In Norway, Russian spies targeted key oil and gas facilities, while in Finland, Russia weaponizes migrants. Russian hackers launched a cyberattack on the UK's National Health Service (NHS) and carried out arson attack on pro-Ukraine businesses in London.
Across Poland and the Baltic States, GRU-linked saboteurs engage in arson, vandalism, Jamming navigation systems, and disinformation to sow discord and undermine support for Ukraine.
Russia's subversive tactics also include disrupting the 2024 EU Parliament election, and fueling separatist movements in Transnistria, Moldova; Abkhazia, Georgia; and Republika Srpska, Bosnia and Herzegovina. These subversive activities aim to hinder these countries' EU integration and undermine transatlantic institutions such as NATO.
Expanding Influence in Africa
These hybrid operations, overseen by Gen. Andrey Averyanov, deputy chief of the GRU
Russia seeks to expand its influence in Africa through arms sales, grain diplomacy, private military contractors (PMC), disinformation, elite capture and memory diplomacy, targeting several African countries:
In the Central African Republic, Russia deploys GRU-linked Africa Corps (formerly the Wagner Group) to provide regime security, training and weapons in exchange for a military base and gold and diamond mining rights .
In the Sahel region, Russian disinformation campaigns target France and the US, leading to the withdrawal of their military bases in Niger, Mali, and Burkina Faso, allowing Russia to grow its influence through military training and arms supplies under the guise of combating Islamist insurgency.
In Sudan, Russia courts the Sudan Armed Forces (SAF) to establish a Red Sea port while backing the Rapid Support Forces (RSF) with weapons and mercenaries in exchange for gold mining concessions.
In Libya, Russia bolsters military support for Khalifa Haftar's Libyan National Army (LNA) against the UN-recognized Government of National Accord (GNA), gaining access to hydrocarbon reserves and establishing a naval presence in the Mediterranean. Libya also serves as a launching pad for Russia’s broader malign influence in Africa.
Pro-Russia influence networks such as Russosphère (or Russian sphere) and influential figures like French-Beninese Kémi Séba and Swiss-Cameroonian Nathalie Yamb spread Russian disinformation under the guise of pan-Africanism. Platforms like the African Initiative, the Russia-Africa summit, the Russian-African Club, and Russia’s orthodox church further amplify this influence. Moreover, with African nations forming the largest voting bloc in the UN, Russia leverages its veto power to undermine peacekeeping missions and shield military juntas from sanctions. In return, Russia secures African support for a "multipolar" world order and favorable votes on issues related to its invasion of Ukraine. These hybrid operations, overseen by Gen. Andrey Averyanov, deputy chief of the GRU, extend Russia’s influence across Africa, allowing it to exploit strategic resources, erode Western influence, and threaten NATO’s southern flank.
V. Western Response Strategies
In response to Russia’s hybrid threats, the West must develop robust countermeasures, exploiting Russian grievances and resentment over a losing war, while bolstering Ukrainian resistance:
Disrupting the Kremlin's Grip
This strategy aims to weaken the Kremlin's hold on power by deepening regime fissures
The surge in treason and espionage cases underscores the increasing anxiety over the security and future of Putin's regime. Collaborate with organizations like “Gulagu.net” to expose the human rights abuses committed by Putin’s siloviki, particularly within the notorious Lefortovo FSB prison. Expose corruption within key government agencies, such as the Ministry of Defense. Highlight the illicit wealth of elites and oligarchs uncovered by organization such as the Anti-Corruption Foundation. Focus on senior officials, including Putin , to underscore the disparity between the ruling elite and the suffering of ordinary Russians. Highlight the vulnerability of the once-mighty Russian Army, exemplified by the failures of its “special military operations”—staggering losses, weaponry depletion, and battlefield degradation. Emphasize Ukraine’s successes, particularly the stunning Kursk Offensive. Disclose the names of military and intelligence officials involved in war crimes in Ukraine to pursue international prosecution. Amplify military bloggers (milbloggers)' growing disenchantment with the war. Stress the reliance on conscripts from ethnic republics like Buryatia and Dagestan and the increasing casualties to erode public support for the invasion. This strategy aims to weaken the Kremlin's hold on power by deepening regime fissures, exposing its terror, and amplifying dissent.
Breaking the Information Blockade
Provide circumvention tools and virtual private networks (VPNs) to bypass censorship and access blocked western media
To effectively penetrate Russia's tightly controlled information ecosystem, known as RuNet, fund and promote independent journalism by establishing Russian-speaking TV, radio, and news outlets like Current Time TV and Reporters Without Borders (RSF)'s Svoboda initiative, a satellite-based platform for distributing radio and TV content. Increase funding for U.S.-sponsored media such as Radio Free Europe/Radio Liberty and Voice of America, which were instrumental in countering Soviet propaganda during the Cold War. Provide circumvention tools and virtual private networks (VPNs) to bypass censorship and access blocked western media, social media platforms such as YouTube and Instagram, and messaging apps such as Signal. This strategy should also include digital literacy campaigns to educate the Russian populace on recognizing disinformation and using circumvention tools, leveraging Russia's most influential messaging platform Telegram. Create platforms and support networks for exiled journalists, enabling them to continue their work. Partner with tech firms to develop and distribute secure communication tools and apps, and engage with grassroots organizations and influencers to spread credible information within Russia. These efforts are crucial for fostering a diverse media landscape, ensuring the Russian public receives credible and factual news about Russia's illegal invasion of Ukraine, and countering Kremlin ‘s narrative.
Unmasking Russian Neo-Colonialism
Highlight Russia plundering of natural resources (e.g., titanium), Russification policies, forced displacement and demolition of memorials
While positioning itself as an anti-colonial power and a champion of the global south, Russia's behavior in Ukraine, Africa, and Central Asia reveal modern neo-colonial practices. Highlight Russia plundering of natural resources (e.g., titanium), Russification policies, forced displacement, demolition of memorials, and suppression of civil liberties to establish pseudo-states loyal to Moscow in Eastern Ukraine's Donbas region and Crimea. Expose Africa Corps ‘s atrocities, indiscriminate executions and plundering of valuable resources such as gold, diamond and forestry in Africa, in addition to the forced recruitment of African Students to fight in Ukraine. Emphasize how Russia enforces political and economic compliance in Central Asia through mechanisms like energy dependency, labor migration policies, and economic leverage. These strategies expose Russia's sophisticated neo-colonialism, focusing on economic exploitation and political manipulation rather than outright territorial conquest.
Exposing the Invasion's True Costs
Illustrate the impact of forced mobilization and sanctions on the Russian economy
Use powerful imagery and videos to expose Russian war crimes, extrajudicial executions, and torture by Russian soldiers in towns like Bucha and Mariupol. Highlight the torture of Ukrainian prisoners of war (POWs), deportation of children and attacks on civilian targets, including the indiscriminate bombing of hospitals and use of Chemical weapons, in violation of the Geneva Convention. Share personal accounts from Ukrainian civilians, soldiers, and Russian deserters to humanize the conflict and counteract propaganda. Amplify anti-regime and anti-war voices, such as those of the “Free Russia Forum,” to strengthen opposition to the invasion.
Illustrate the impact of forced mobilization and sanctions on the Russian economy through infographics and memes detailing rising inflation, soaring goods prices, sever shortage of labor, and massive brain drain, especially in Moscow and St. Petersburg. Contrast the lives of average Russians with those in the West and Ukraine to highlight the benefits of peace and stability, offering a compelling counter-narrative to state-controlled media. While propaganda may prolong the war, resentment among Russians over the mobilization for a costly imperial venture would expedite these effects.
Synchronizing Western Messaging
Mount information campaigns featuring Russian opposition voices and influential diasporas as cultural and informational ambassadors
Ensure NATO and EU countries synchronize their information campaigns, leveraging entities such as the Warsaw-based Ukraine Communications Group (UCG) to counter Russian disinformation. Mount information campaigns featuring Russian opposition voices and influential diasporas as cultural and informational ambassadors. Share their democratic life experiences and highlight political freedoms and economic opportunities to challenge Kremlin propaganda. High-profile visits and statements from Western leaders, such as President Biden's visit to Kyiv and UK Prime Minister Keir Starmer’s speech, draw media attention and emphasize commitment to Ukrainian sovereignty. By harmonizing efforts and delivering a consistent message, the West can effectively counter Russian disinformation and support Ukraine's fight for sovereignty.
Strengthening Transatlantic Institutions
Deploy U.S. Cyber Command (USCYBERCOM) to plan and execute cyber operations against Russian threat actors
To effectively counter Russia's hybrid threats and strengthen Euro-Atlantic security, it is essential to enhance transatlantic institutions through improved intelligence-sharing and interagency coordination. Utilize the Five Eyes (FVEY) alliance's intelligence capabilities to identify and disrupt Russia's covert cyber and information operations. Leverage NATO's Strategic Communications Centre of Excellence (NATO StratCom) and its advanced AI capabilities to combat AI-enabled disinformation and conduct unified campaigns targeting Russian-speaking audiences. Deploy U.S. Cyber Command (USCYBERCOM) to plan and execute cyber operations against Russian threat actors, employing strategies similar to the Stuxnet operation against Iran. Expand the Department of State’s Global Engagement Center (GEC) mission and resources to effectively coordinate and conduct influence operations, counter foreign malign influence—particularly Russian disinformation—and strengthen the resilience of Western democracies.
Embracing Advanced Technologies
Tools like Natural Language Processing (NLP) can be used to combat disinformation through sentiment analysis
Leverage advanced algorithm, machine learning and Artificial intelligence (AI) to enhance real-time threat assessment and predictive modeling, enabling the swift detection of cyber-enabled disinformation and AI-driven threats. Tools like Natural Language Processing (NLP) can be used to combat disinformation through sentiment analysis, semantic analysis and fact-checking to confirm content accuracy, spotting clickbait headlines, and reliability assessment. Algorithms like Grover identify AI-generated content, while AI-powered tools such as Stanford's ModBot remove harmful social media content to maintain discussion integrity. These technologies strengthen defenses against cyber and AI-enabled threats aimed at destabilizing Western democracies and weakening Euro-Atlantic alliance.
VI. Conclusion: The Path Forward for Western Democracies
As the Russia-Ukraine war enters a new phase of attrition, Russia will intensify its hybrid attacks, exploiting divisions within NATO and the EU to weaken Western support for Ukraine. Yet, Ukraine's daring Kursk Offensive has demonstrated its ability to defend itself and strike back against one of the world's largest armies. The West must now move beyond its risk-averse stance and develop a viable theory of victory for Ukraine. Thus, decisive action is essential to effectively counter these asymmetric threats:
First, strengthen transatlantic cooperation, enhance cyber defenses, and leverage modern technology alongside historical insights. Lessons from WWII and Cold War information campaigns, like the U.S. campaign QRHELPFUL, which contributed to the fall of the Iron Curtain, demonstrate the power of coordinated efforts in degrading Nazi and Soviet propaganda. By adapting these successes to modern adversaries through advanced AI and machine learning, we can develop sophisticated information campaigns, build effective deterrence, and enhance rapid response capabilities to degrade hybrid threats.
Next, NATO and EU member states must enhance intelligence sharing, develop advanced cybersecurity measures to protect critical infrastructure, and coordinate efforts to detect hybrid threats. Strengthening transatlantic institutions like USCYBERCOM, NATO StratCom, and GEC is vital for coordinating efforts and crafting strategies to counter Russia's hybrid attacks and execute cyber and information operations. By leveraging their expertise and resources, the West can more effectively identify hybrid threats, mitigate vulnerabilities, and enhance the resilience of member states.
Furthermore, a unified and proactive strategy is essential to safeguard Western democracies, preserve Ukraine's sovereignty, and ensure Euro-Atlantic security against Russia’s hybrid threats. This comprehensive approach enhances global stability and security by increasing financial and reputational costs for Russia’s hybrid attacks, prioritizing resilience in vulnerable states, linking punishments to specific subversive activities, and ensuring rapid attribution of covert actions.
The time for decisive action is now. By uniting efforts, leveraging technological advancements, and harnessing collective strengths, we can protect our democracies, secure our alliances, and showcase the power of a united Western front in overcoming common adversaries.