The last four years have been marked by a significant increase in the activities of Russian intelligence services throughout Europe. The entire spectrum of hybrid operations is recorded, ranging from agent recruitment to critical infrastructure sabotage and cyber attack. These processes became especially noticeable after 2022, when the full-scale invasion of Ukraine by Russia turned Moscow’s relations with Europe into a regime of «invisible war».
Although the mass expulsions of Russian diplomats and intelligence officers in 2022-2023 severely hit the Russian network of residences, Moscow not only did not reduce its intelligence activities, but on the contrary, significantly intensified efforts in this direction.
According to the German counterintelligence, representatives of the Russian special services have generously offered local citizens significant amounts for the transmission of confidential information. In 2023, a Bundesver employee was arrested for passing information on NATO plans to Moscow. In Poland, a group of citizens suspected of spying on railway facilities through which military aid to Ukraine is passing was detained. In the Czech Republic, the media reported on a exposed network that collected data on the movement of allied military equipment, a similar situation in the Baltic countries, where local intelligence agencies regularly report on prevented recruitment attempts. In a number of cases, cooperation was involved with officials or military personnel who had access to critical NATO data. In Latvia, for example, a former member of the Ministry of Defence was arrested as a suspect in the transfer of classified material.
But the activities of the Russian intelligence services are not limited to recruitment work. After 2022, there were more and more cases of sabotage in Europe, which experts associate with Russia’s attempts to disrupt stability and sow chaos in the region. The biggest episode was the Nord Stream pipeline explosions in September 2022. Despite the lack of a definitive international attribution, many states have indicated directly or indirectly the possible participation of Russian structures.
Damage to submarine cables and power lines was also recorded in the Baltic region. In 2023-2024, Poland, Lithuania and other countries announced the detention of groups suspected of arson, sabotage and attacks on infrastructure. Investigations have shown that such actions could be coordinated through proxy networks and non-state actors, allowing Moscow to distance itself from direct accusations.
In parallel with direct diversifications, Moscow continues to actively use disinformation tools and political influence. The funding of pro-Russian parties and groups, social media outlets, discrediting campaigns – all this is aimed at polarization of the European community. Studies by think tanks indicate that such campaigns are synchronized with real crises, such as migration, energy or domestic politics.
Today, it is already obvious to many that cyberspace has become another front of «invisible» war. European governments regularly report attacks on public institutions, energy systems and telecommunications companies. Many operations are attributed to units of the Russian GRU, including the notorious unit «Unit 29155», previously involved in sabotage actions in the Czech Republic (explosion at ammunition depots in Vrbétizia in 2014) and Bulgaria (attempted poisoning of a gun magnate and attacks on factories in 2020).
The aim of such attacks is not only to steal information, but also to destabilize the work of critical infrastructure. For example, in 2023, the Norwegian government announced massive cyber attacks on its energy companies that were linked to Russian hacking groups. In June 2022 in Lithuania, at the height of the transit crisis, there were large-scale DDoS attacks on websites of government agencies and transport companies, and in Germany, in October of the same year, special services investigated an attack on the railway network that caused train traffic disruptions. All these incidents have shown that cyber-attacks are becoming a tool of pressure not only on political elites, but also on civil society.
Thus, the activities of the Russian special services go beyond traditional espionage and become a systematic tool of pressure. According to various sources, between 2014 and 2024, Russia carried out more than 200 hybrid operations, including cyberattacks, sabotage, misinformation and GPS jamming.
The response of the EU and individual states has been mass expulsions of diplomats, strengthening legislative measures against foreign interference and strengthening counterintelligence. In 2022-2023 alone, the EU countries expelled hundreds of Russian diplomats, many of whom were suspected of intelligence activities. In parallel, investigations have been intensified, starting with high-profile cases against suspected spies and the publication of intelligence reports warning of threats. The European Parliament and national parliaments are increasingly raising the issue of coordinating efforts and exchanging data on Russian intelligence activities between countries.
The last four years have shown that the special services of the Russian Federation operate not selectively, but systemically. Espionage, sabotage, cyber-attacks and disinformation are all part of the same strategy to destabilize Europe and weaken its political unity. In response, European countries have to restructure their own security systems, strengthen coordination, and shape long-term counter-strategies.