Executive Summary
Since the full-scale invasion of Ukraine, Russian intelligence operations have shifted toward a mass-scale approach, focusing on sabotage, intelligence collection, and influence efforts. This transformation is driven by Russia’s expanding operational demands, even as it is constrained by mass expulsions of intelligence officers and the urgency to ramp up operations. In response, Russian intelligence has prioritized quantity over quality, relying on multiple cheap, inefficient, and nonprofessional resources. Sheer numbers compensate for inefficiency, and anonymity provides an added layer of plausible deniability.
A key driver of this shift has been the Kremlin’s efforts to undermine Western support for Ukraine, which disrupted Russia’s plans for a quick victory. Russian intelligence—Russia’s primary strategic tool since the Soviet era—was tasked with imposing costs on the North Atlantic Treaty Organization (NATO), shaping public opinion, disrupting arms shipments, and gathering intelligence. However, with diminished capabilities and a decline in professionalism, Russian intelligence has moved away from precision-driven, professionalized operations to a mass-scale, decentralized model that mirrors broader trends in Russian military strategy. This change aligns with Russian military and strategic thinking, in which material shortages are compensated by sheer numbers and a disregard for casualties. This transformation has significant implications for intelligence efficacy, resource management, and global security.
The shift from quality to quantity
Historically, Soviet intelligence operations during the era of the KGB (the Russian Committee for State Security) were marked by precision and the use of highly trained operatives. These operations focused on high-value targeted objectives such as the infiltration of foreign governments, high-profile assassinations, and covert activities. After the disintegration of the Soviet Union in 1991, Russian intelligence largely maintained this approach throughout the post–Cold War period. Although subtle changes might have begun to emerge during Russia’s initial operations in Ukraine in 2014, the dramatic shift became unmistakable during the full-scale invasion in 2022. In recent years, Russia’s intelligence operations have increasingly prioritized quantity over precision, mirroring a broader trend in its military strategy, particularly the “meat grinder” tactics that favor overwhelming force over precision. The shift also reflects a high-performance systems design approach in which multiple low-cost, off-the-shelf components replace expensive, custom-built solutions to achieve strategic goals.
Surge in sabotage, intelligence collection, and influence operations
Russian intelligence has long been Russia’s primary tool for achieving strategic results, with sabotage being one of its main methods. The rise in sabotage operations targeting critical infrastructure, military sites, transportation networks, and manufacturing and storage facilities reflects the shift from precision to mass-scale tactics. These operations are wide-ranging and indiscriminate, with targets spanning from vital infrastructure—such as water treatment facilities in Finland—to retail locations, such as IKEA stores in Lithuania and Poland. Designed to undermine the West’s support for Ukraine while remaining below the threshold of active warfare, these attacks highlight the scale and ambition of Russian intelligence efforts. This wave of sabotage has been accompanied by intensified influence operations and intelligence gathering, complementing campaigns of disinformation, cyberattacks, and manipulation of public opinion, reaching unprecedented levels and threatening NATO cohesion.
Expansion of Russian intelligence activities
The surge in Russian intelligence operations has the potential to expand Russia’s global reach, driven by recruitment across diverse populations, including refugees, ethnic Russians, Russia sympathizers, and criminals. Social media, encrypted channels such as Telegram, and anonymous online recruitment underscore the decentralized and cost-effective nature of these activities. Cryptocurrency facilitates covert payments, bypassing traditional financial systems. This approach closely mirrors Islamist terrorist recruitment, relying on vulnerable individuals, encrypted communication channels, and financial or ideological incentives to recruit agents.
Implications for intelligence efficacy and global security
The shift toward quantity-driven intelligence tactics poses significant challenges for global law enforcement and counterintelligence efforts. Although mass-scale, less specialized operations reduce precision and increase the risk of failure, they can cause widespread damage, casualties, and fear. From a broader security perspective, the shift from quality to quantity in Russian intelligence operations threatens regional stability and could have far-reaching consequences for global security.
Recommendations
To counter Russia’s growing intelligence capabilities and mitigate the risks posed by the shift in Russian intelligence strategies, we offer the following recommendations:
- Strengthen intelligence collaboration and integration. Enhanced coordination and information sharing among NATO and its allies will enable a unified and proactive response to Russian intelligence activities, facilitating quicker identification and disruption of sabotage or intelligence-gathering activities.
- Improve attribution and analysis capabilities. A key challenge to Russia’s evolving tactics is the difficulty in timely attribution. Improving attribution techniques and accelerating disclosure will enable faster, more coordinated responses, reducing the effectiveness of Russian covert operations.
- Enhance monitoring of social media and encrypted communication platforms. Enhanced monitoring of messaging and social media platforms used by Russian intelligence for recruiting is critical. Similarly, it is essential to engage with platform providers to ensure speedy cooperation with law enforcement and counterintelligence agencies. Preventing cryptocurrency trading bots from operating on noncompliant crypto exchanges restricts Russia’s ability to conduct untraceable financial operations. It is also crucial to continuously identify platforms suitable for recruitment to anticipate and counter shifts in Russian intelligence operations.
- Develop outreach programs in vulnerable communities. Raising awareness of Russian intelligence recruitment tactics among vulnerable communities—such as ethnic Russians, Ukrainian refugees, and migrant populations—by expanding outreach programs and strengthening collaboration with local law enforcement enhances vigilance and facilitates identification and disruption of recruitment attempts for sabotage or espionage.
- Emphasize rapid disclosure and public awareness. Rapid disclosure of suspected Russian sabotage or influence attempts enhances public awareness and strengthens response efforts. Timely investigations and public attribution help counter disinformation, limit the effects of influence operations, and prevent the spread of misinformation. Public awareness campaigns reinforce resilience against manipulation.
- Adapt to the evolving nature of warfare and intelligence. Russia’s growing focus on mass-scale intelligence operations calls for NATO and its allies to reevaluate current counterintelligence strategies. Governments and international bodies need to adapt to a landscape in which quantity-driven, decentralized operations are increasingly common. Effective responses require flexibility in resource management, intelligence gathering, and counterintelligence strategies to address the growing complexity of Russian intelligence operations.
Conclusion
The shift in Russian intelligence operations reflects increased operational demands coupled with capability constraints. The move from precision-driven specialized operations to mass-scale, low-cost strategies signals a fundamental transformation in how Russia conducts intelligence operations. Although this shift poses significant challenges to global security, the international community can adapt to and mitigate the risks by enhancing collaboration, improving attribution capabilities, and adjusting strategies to counter Russia’s growing reliance on quantity-driven intelligence. By doing so, NATO and its allies can better safeguard both regional and global stability in the face of evolving threats.
Download reportApproved for public release. Unlimited distribution.
Details
- Pages: 23
- Document Number: IOP-2025-U-041545-Final
- Publication Date: 5/30/2025