The National Interest
September 29, 2023
Moscow may be economically weak, and its conventional military is a far cry from the feared Red Army of the Cold War. But Russia is far from down and out.
by Daniel Byman Seth G. Jones
Russia is spent. Foreign investors and some of the country’s best minds have fled, the economy is hobbled by sanctions, and its military is bogged down in Ukraine, with many of its elite soldiers dead and best equipment destroyed. The revolt of Yevgeny Prigozhin and his Wagner Group in June 2023 seemed a final humiliation, revealing a once-feared dictator reduced to bargaining with individual commanders. This weakness is real: if Russian president Vladimir Putin could turn back the clock, it is hard to imagine he would again choose to invade Ukraine.
Russia’s massive losses will probably make Putin cautious about conventional military operations in the foreseeable future. Even if Putin were tempted, the United States has increased the number of its ground forces in Europe to their highest level in nearly two decades, and NATO’s conventional and nuclear deterrence is robust. Nor would the Russian people and elite be eager to support an invasion of a NATO country and risk escalation to nuclear war.
Yet Putin shows no sign of leaving power. He continues to harbor revisionist aims and expresses admiration for Russian conquerors like Peter the Great. Russia still seeks influence in Central Asia, the Caucasus, the Middle East, Africa, and Europe. As long as Putin is in power, he will undermine any future Ukrainian government and attempt to deter and punish Western countries that support Kyiv. The expansion of NATO to include Finland and eventually Sweden, the military build-up of NATO forces in Eastern Europe, and continuing military aid to Ukraine are particular affronts to Putin, even though they are justified as necessary responses to Russian aggression. Putin sees the United States, which he refers to as the “main enemy” (or glavny vrag), engaged in both hard and soft power actions to encircle and overthrow his regime.
There is a way for Russia to square this circle of maximal ambitions and weak conventional capabilities: gray zone warfare, which we define as covert operations, disinformation, subversion, sabotage, cyber-attacks, and other methods that advance a state’s security objectives but fall short of conventional warfare. Russia has numerous skilled intelligence officers, paramilitary forces, elite hackers, and other personnel who enable it to excel in this arena. Moreover, Russia’s track record in gray zone warfare is impressive, in contrast to its poor performance on the battlefield.
Russia’s future gray zone warfare will likely take many forms. European countries could suffer clandestine attacks against oil and gas pipelines and underwater fiber-optic cables. Border states like Poland, Finland, and Estonia could face a flood of illegal immigrants massing on their borders. Central Asian and African leaders who stand up to Moscow might find local insurgents awash in Russian weapons and trained by Russian special operations forces. Local critics of Moscow might suddenly suffer a series of suspicious accidents, including poisonings. Cyber attacks might take down financial systems and other critical infrastructure. Disinformation on social media platforms might be used to divide the West, while propaganda explains away Russian misdeeds, with artificial intelligence (AI) being used for even more creative mischief.
Despite Russia’s impressive gray zone capabilities, however, it has significant weaknesses. Moscow’s gray zone efforts are often uncoordinated, and the country’s technical talent is limited compared with that of the United States and Europe. Its private military companies, like Wagner, may face many additional restrictions as Putin questions their loyalty.
Bolstering U.S. and allied cyber and border defenses, sharing intelligence, and providing training and advice to local militaries can reduce the danger of gray zone warfare. But the West does not only have to play defense. Russia is also vulnerable to gray zone tactics by the United States and its European allies in Belarus, the Middle East, Africa, and even Russia itself.
Russia’s gray zone warfare draws on a long and robust history. During the Cold War, the Soviet Union excelled at conducting covert intelligence operations and subverting its enemies, tarnishing global views of the United States and at times creating opportunities for near-bloodless communist takeovers of governments. KGB active measures included creating front organizations, backing friendly political movements, covertly funding political parties, provoking domestic unrest, and churning out forgeries and other types of disinformation.
These operations continued after the fall of the Soviet Union. Russia’s support for separatists in Abkhazia, South Ossetia, and Transnistria; assassinations of dissidents; cyber and information campaigns in the Baltic states; and use of private military companies in Africa and the Middle East to project its influence all are experiences on which Russia will build as it pursues an aggressive foreign policy while seeking to avoid all-out war. Such organizations as the Main Intelligence Directorate (GRU), Foreign Intelligence Service (SVR), Foreign Security Service (FSB), and Spetsnaz have a robust history of gray zone warfare.
Gray zone warfare also fits Moscow’s worldview. Russian security elites, not just Putin, see the world as full of secret threats and have an operational culture that considers the best defense as a good offense. As former Director of National Intelligence James Clapper contends, Russians “are almost genetically driven to co-opt, penetrate, gain favor, whatever.”
Consequently, Russia poses a multifaceted threat through its use of covert action, cyber operations, disinformation, and political subversion. These components of gray zone warfare are not mutually exclusive. Moscow frequently uses a combination of them to weaken its adversaries and expand its influence.
Covert Action
Moscow has long conducted covert action to deter or punish defectors and opposition leaders, subvert U.S. and NATO policies, and expand Russian influence. During the Cold War, the KGB assassinated several foreign leaders, such as Afghan president Hafizullah Amin, in pursuit of Russian foreign policy interests. The KGB’s 13th Department was particularly notorious for targeted assassinations abroad, including the killing of Russian revolutionary leader Leon Trotsky in Mexico City in 1940.
Moscow targets political opponents abroad for two major reasons. The first is to exact revenge on Russian spies, diplomats, soldiers, and even journalists and academics who flee the country, criticize the Kremlin, and aid Moscow’s enemies. A second goal is to deter future betrayals and send an unambiguous message that defectors will be hunted down. In March 2006, Russian agents poisoned Alexander Litvinenko, a former FSB officer who defected to the United Kingdom, at a London hotel. In March 2018, Russian agents poisoned Sergei Skripal, a former GRU officer that defected to the UK, who Putin called a “scumbag” and a “traitor to the motherland.”
Russia’s war in Ukraine triggered an exodus of technocrats, soldiers, spies, oligarchs, and journalists who fled to the West, disenchanted with Putin’s authoritarianism and strategic blunders. Those who cooperate with Western governments or publicly speak out against the Kremlin could become targets of Russian intimidation and even assassination.
Russian security agencies have also conducted paramilitary activity abroad to further Russian foreign policy interests and undermine its adversaries, including the United States. Perhaps the quintessential example was in Crimea in 2014. The Kremlin effectively used masked special operations forces, or “little green men,” to seize Crimea from Ukraine without firing a shot. Russia also conducted sabotage operations in Europe, including planting bombs at two weapons depots in 2014 in the Czech Republic that were allegedly storing arms headed to the Syrian opposition, which Moscow opposed. In March 2023, Polish authorities uncovered a GRU operation to bomb rail lines that transported weapons and other aid to Ukraine. Russian actors with ties to Russian intelligence also plotted to organize protests in Moldova in 2023 as a pretext for mounting an insurrection against the Moldovan government, which Moscow viewed as too pro-Western.
U.S. and European critical infrastructure are potential targets of paramilitary activity. One example is the underwater fiber-optic cables that connect Europe with North America and link European countries with each other. There are currently sixteen cables running under the Atlantic that link the United States with mainland Europe, which are critical for global communication and account for roughly 95 percent of all transatlantic data traffic. Russia has already signaled that it could target these cables with special operations forces, intelligence units, and submarines. In January 2022, the Russian Navy allegedly mapped out the undersea cables off the coast of Ireland and carried out maneuvers, raising serious concerns in Europe and the United States about Russian sabotage.
Other potential Russian gray zone activities include weaponizing immigrants and targeting Europe’s intricate network of gas and oil pipelines, which serve as the lifeblood of European energy. Migration, especially from Africa and Muslim countries, is an emotional issue in Europe. In 2021, Belarus leader Alexander Lukashenko threatened to “flood” the European Union with “drugs and migrants.” His government then sent thousands of migrants from Iraq, Syria, Myanmar, and Afghanistan to the borders of Latvia, Lithuania, and especially Poland. In August 2023, leaders from Poland, Lithuania, and Latvia warned that they were seeing growing tensions on their borders with Belarus and threatened to seal their borders if Lukashenko weaponized immigration. The Italian government claimed in 2023 that the Wagner Group was behind a surge in migrants from Libya, where Wagner is active.
Despite Prigozhin’s death, the Kremlin could also use private military companies in the Middle East, Africa, and other regions to increase Russian influence, undercut U.S. leadership, present itself as a security partner, and gain military access and economic opportunities. Russia could also work with partners like Iran to covertly target U.S. or other NATO forces overseas. During the war in Syria, Russia and Iran worked closely with Lebanese Hezbollah and Iraqi militias to retake territory for the Bashar al-Assad government. These covert tools give Moscow numerous options to hit back at the West.
Russian security agencies, such as the GRU, SVR, and FSB, have increasingly conducted cyber attacks to target critical infrastructure, undermine democratic institutions, steal government and corporate secrets, and sow disorder within or between Western allies. In some cases, Russia has conducted cyber attacks in tandem with military or paramilitary operations.
One frequent tactic is to sabotage adversaries’ critical infrastructure or to plant malware in critical infrastructure for use in a future war. Russian malware is designed to do a range of malicious activities, such as overwriting data and rendering machines unbootable, deleting data, and destroying critical infrastructure, such as industrial production and processes. Russia and Russian-linked hackers use a range of common intrusion techniques, such as exploiting public-facing web-based applications, sending spear-phishing e-mails with attachments or links, and stealing credentials and using valid e-mail accounts.
In 2017, for example, the GRU deployed NotPetya, a data-destroying malware that proliferated across multiple networks before executing a disk encryption program, which destroyed all data on targeted computers. NotPetya’s global impact was massive, disabling an estimated 500,000 computers in Ukraine, decreasing Ukraine’s GDP by 0.5 percent in 2017, and affecting organizations across sixty-five countries. Global victims included U.S. multinational companies FedEx and Merck, which lost millions of dollars because of technology cleanup and disrupted business.
The West is also a target. In 2020, the SVR orchestrated a brazen attack against dozens of U.S. companies and government agencies by attaching malware to a software update from SolarWinds, a company based in Austin, Texas, that makes network monitoring software. The DarkSide, a hacking group operating in part from Russian soil, conducted a ransomware attack against the U.S. company Colonial Pipeline, which led executives to shut down a major pipeline for several days and created fuel shortages across the southeastern United States.
In 2023, Polish intelligence services claimed that Russia hacked the country’s railways in an attempt to disrupt rail traffic in the country, some of which are used to transport weapons to Ukraine. According to U.S. government assessments, Russia has targeted the computer systems of underwater cables and industrial control systems in the United States and allied countries. Compromising such infrastructure facilitates and demonstrates Russia’s ability to damage infrastructure during a crisis.
Russian agencies also use cyber attacks during elections to undermine faith in democracy by influencing public sentiment during an election campaign and raising questions about the democratic process. Moscow has targeted specific candidates by stealing or forging documents and then leaking them on public websites or social media platforms. Often referred to as “hack-and-leak operations,” the objective is to undermine faith in political candidates. Another tactic is to disrupt the voting or counting process by targeting computer systems. In addition, Russia has conducted cyber attacks during elections in an attempt to influence issues of importance to Moscow. For example, Russian security agencies have conducted cyber attacks during multiple European elections to weaken support for the European Union, NATO, and the United States.
The breadth of Russian activity is impressive. Russian cyber campaigns have attempted to disrupt elections in the United States, France, Germany, the Czech Republic, the Netherlands, Spain, Italy, Bulgaria, Austria, and dozens of other countries, according to the Dyadic Cyber Incident Database compiled by U.S. academics. These attacks are likely to continue, including during the 2024 U.S. presidential election campaign.
Disinformation
Russia has long used disinformation, often more effectively than its rivals, to supplement other tools and as a weapon by itself. During the Cold War, the Soviet Union successfully promoted the falsehood that the CIA was linked to the assassination of President John F. Kennedy and that U.S. scientists invented the AIDS virus, a campaign referred to as Operation Denver.
Russia uses information campaigns abroad to make the Putin regime look good at home. By highlighting pro-Russian sentiment in Europe, the corruption of Russia’s enemies, and unpopular European policies on immigration, Moscow tries to make its own regime more popular as well as discredit its enemies. Similarly, Russia has tried to create an image of itself as a muscular Christian nation, contrasting its policies with LGBTQ+ and immigrant-friendly Europe and the United States.
Beyond bolstering Putin, disinformation is a way to weaken and divide Russia’s enemies. Famously, the Internet Research Agency, a Russian troll farm, used disinformation in an attempt to influence the 2016 U.S. election, seeking to discredit Secretary of State Hillary Clinton and promote Donald Trump. On YouTube, Instagram, Facebook, Twitter, and other social media platforms, trolls pushed propaganda on immigration, race, and gun rights to conservative accounts while other parts of the Russian effort encouraged Black Americans to protest, inflaming tension among Americans.
In subsequent years, Russia has spread disinformation related to COVID-19 and other conspiracies, used a false news site in 2020 to get legitimate U.S. journalists to write stories on social disruption in the United States, and magnified the potential side effects of COVID-19 vaccines to decrease support for the Biden administration.
Ukraine is both a subject and a target of disinformation. In the years between Russia’s 2014 proxy war and 2022 invasion, Russian propaganda stressed that Ukraine was a failed, Nazi-led state, whose army was brutal to the local population. After Russia invaded Ukraine, the disinformation machine kicked into overdrive, both to justify the invasion at home and to undermine support for helping Ukraine abroad. To European audiences hosting large numbers of refugees like Poland, Russian propaganda claimed that the government was helping refugees over their own citizens. In Africa and other parts of the developing world, Moscow pushed the idea that the EU had banned Russian agricultural products while keeping Ukraine’s grain, causing a global food crisis.
Russia exploits overt and covert information sources, ranging from official government media to disinformation via government agencies, often in combination. Russia’s Foreign Ministry, for example, has played up false reports from Russian media of immigrants raping a thirteen-year-old Russian-German girl to stir up divisions in Germany and accusing the German government of not doing enough to protect its people, a sentiment that undermined German confidence in government and bolstered Russia’s image as tough on criminal immigrants. Even the Russian Orthodox Church, whose patriarch is staunchly pro-Putin, is involved. The church spreads propaganda while allowing its facilities to be used as safe houses for Russian priests to work with Russian intelligence agents.
Social media offers numerous, and cheap, additional ways to spread disinformation. Moscow uses fake accounts, anonymous websites, bots, and other means to spread its message, often using these sources to spread RT and Sputnik propaganda and to provide “evidence” for further lies from official media. Some of this involves troll accounts monitored by humans. Moscow also uses bots to try to amplify content and tries to exploit social media company algorithms to target particular audiences. At times, Russia will create innocuous accounts focused on health, fitness, or sports and then later, when they have a substantial following, begin to introduce political messages.
The wide array of actors each has its own audience. In addition, they amplify each other, with state voices and seemingly independent ones validating each other. Halting some are more difficult than others: it is one thing to block Russian state television or take down fake accounts, but it is another to block the Orthodox Church with millions of adherents outside Russia.
Generative AI offers a new means of disinformation. At the outset of the Ukraine war, Russia attempted to use a deepfake of President Volodymyr Zelenskyy that led it to appear that he had fled the country and was urging troops to lay down their arms. Less dramatically, Russia spread deepfakes on Facebook and Reddit that showed Ukrainian teachers praising Putin. The technology has improved by leaps and bounds since then. Deepfakes will be increasingly cheap and easy to produce, and this can be done at scale, allowing Russia to flood the zone with convincing falsehoods.
There are myriad potential uses of deepfakes. Russia’s attempt to blame Ukraine for instigating the 2022 invasion could be more convincing in the future by “leaking” deepfakes of Ukrainian generals planning an attack on Russian territory. Moscow can spread scurrilous rumors about anti-Russian leaders and undermine their political support by releasing fake videos of them in compromising situations or saying offensive remarks. Moscow could try to further polarize the United States or other countries, worsening existing racial tension by releasing videos of supposedly violent Black Lives Matter rallies or of police abuses of members of minority communities. In Europe, variations of this might play out with anti-migrant videos showing migrants committing rape and murder, often mixing genuine crimes and violence with false information.
Such efforts might not sway people to Russia’s position. However, they are likely to sow discord and decrease confidence in government in general. All information, even the truth, would be suspect.
Political Subversion
In the Soviet days, Moscow aggressively subverted unfriendly governments, and these efforts helped it install Communist regimes in several Eastern European states at the end of World War II. In the 1950s, the Soviet Union infiltrated trade union movements in Africa, encouraged radical nationalist parties, and otherwise tried to shape the politics of countries it sought to influence.
Although Russian interference in the 2016 U.S. election and disinformation related to the Brexit vote that year correctly gathered considerable attention, Russia has also subsequently interfered in elections throughout Europe. In 2017, Russia pushed conspiracy theories and other radical ideas into the Czech Republic, played up migrant crime in the March 2018 Italian election, and used fake news, social media trolls, and other means to target Emmanuel Macron’s campaign in France. In Sweden, Russia spread disinformation about a joint military exercise with NATO. Russian disinformation also heated up during large-scale protests, such as pro-independence ones in Catalonia in 2017 and “yellow vest” demonstrations in France in 2018-2019. Russian propaganda regularly questioned the legitimacy of the European Union, blaming it for problems with migrants, and used disinformation to try to depress turnout in the May 2019 EU elections. Indeed, data from the University of Toronto suggests that almost every European country was targeted in one way or another.
At times, Russia supports political parties that share its interests. Some of these are anti-establishment parties, like the Alternative für Deutschland in Germany or Marine Le Pen’s National Rally in France, the latter of which also received a loan from a Russian bank. In Greece, Russia backed both far-left and far-right parties, as both were Euro-skeptical. A 2020 study by the German Marshall Fund’s Alliance for Securing Democracy found at least sixty cases of Moscow supporting political campaigns outside Russia, although the evidence on some cases is weaker than others. As of August 24, 2023, the figure was 199 cases of interference overall, with techniques including “malign finance,” information operations, and civil society disruption.
Russia also seeks to create, and then exploit, economic dependencies. Russia uses its extensive energy sector to create links to its oil and natural sectors with leaders in other countries, giving them a personal and financial interest in having a country with a strong relationship with Russia. Moscow also has developed close relationships with smuggler networks in neighboring states.
Instigating protests is another way of shaping perceptions and increasing support for Russia in preparation for more aggressive measures. In Ukraine, Russia originally sought to use its agitators to create extreme right-wing anti-Russian protests, infiltrating them with paid criminals and agent provocateurs who would then attack the police. Russia would then use these protests as proof of a “far-right coup” to justify its invasion. Indeed, Russia intended to defeat Ukraine quickly in 2022 in part by fomenting instability and chaos in Ukraine itself and, in so doing, undermining trust in government, tarnishing Ukraine as an ally for potential partners, and promoting pro-Russian voices in the country.
Russia sees such subversive operations in part as a tit-for-tat response to Western pressure. Moscow viewed the various color revolutions in Georgia, Kyrgyzstan, and Ukraine as fomented by the West, and it also blames the United States and the West for anti-government street protests in Moscow, such as those that occurred in 2011 and 2012. U.S. efforts to promote democracy and build the rule of law are viewed as transparent attempts to undermine Moscow and its allies.
Russian Weaknesses
Gray zone warfare is a necessity for Russia in part due to its weaknesses. Russia’s military is a shell of the Red Army that posed a serious threat to Western Europe during the Cold War. Its economy is stagnant, even without the impact of Western sanctions, and is roughly the size of Canada. The threat from Russia is not a return to the Cold War when two superpowers wrestled over control of the world. Instead, Russia is a weak challenger trying to play a bad hand to its advantage.
Although numerous Russian actors are involved in gray zone activities, they are generally uncoordinated. These actors include military intelligence, domestic and foreign intelligence services, state-owned enterprises, official media, private military companies, self-proclaimed patriotic groups in Russia including biker gangs, various oligarchs, co-opted hackers, the Russian Orthodox Church, and many others. This broad set of actors allows more opportunism and creativity, but it makes unity of effort harder. Many of Russia’s front groups and local allies are also of limited loyalty, especially in a crisis. In Ukraine, Wagner Group contractors and the Russian military clashed over high casualty rates and a shortage of ammunition. Even some structures created by Russian intelligence in Ukraine, such as organizations composed of retired KGB special forces, stayed loyal to Ukraine when the invasion occurred.
Although Russian cyber attacks can be disruptive, Moscow’s capabilities are limited if countries can build a strong defense. Ukraine successfully blunted Russia’s cyber attacks during its 2022 invasion, thanks to help from the United States, the United Kingdom, and private companies such as Microsoft. Russia is at best middling in its AI capabilities and comparable to Canada, rather than to the United States or China. The exodus of much of Russia’s tech talent following the 2022 invasion and subsequent conscription only worsens Moscow’s problems.
Russia itself is also vulnerable to gray zone activity. Views of Russia across the globe are highly negative, according to a 2023 Pew Research Center poll that covered twenty-four countries in Europe, Asia, Africa, and Latin America. A median of 82 percent of respondents had an unfavorable view of Russia, and 87 percent had little or no confidence in Vladimir Putin. These sentiments create opportunities for subverting Russian diplomatic, military, and other actions.
The same is true of Russian private military companies, which are active in Africa, the Middle East, and even Latin America. Prigozhin was instrumental in expanding Russia’s influence by using his Wagner Group to train foreign forces, conduct military operations, extract resources, and help coup-proof local regimes. But Prigozhin’s death in August 2023, almost certainly at Putin’s instruction, is likely to undermine the morale, leadership, and effectiveness of some Russian private military companies. Social media channels linked to Wagner blamed Putin and other Russian officials for orchestrating Prigozhin’s death and threatened retaliatory action against Moscow. Leaders in the Central African Republic, Libya, Mali, Sudan, and other countries may opt to break ties with Wagner and consider alternatives to improve security.
Recommendations
Training and aid packages must focus not only on stopping Russian conventional aggression but also on fighting gray zone warfare. Russia’s efforts are most successful when a country has weak border controls, poor counterintelligence, internal divisions, is awash in firearms, and is unprepared for Russian machinations, according to a RAND study. All these conditions can be countered or at least reduced.
The specifics will vary by country and area. Efforts to combat corruption, improve border security, fight low-level insurgencies, and encourage political reform are vital for reducing Moscow’s influence in the Middle East, Africa, and Central Asia. In Europe, assistance should focus on intelligence coordination, cyber defense, and border control measures. Europe must prepare for a surge of migrants facilitated by Russia, especially in such frontline states as Finland, Poland, the Baltics, and Romania. Finland is building a three-meter-high fence made of steel mesh and barbed wire in case Russia attempts to flood its 1,343-kilometer border with illegal immigrants. But it could use additional assistance in intelligence, surveillance, and reconnaissance collection from drones and other systems. The Baltic states’ military leaders warned that they would shoot any “little green men” and otherwise quickly respond to covert Russian military attacks.
Moscow’s cyber and AI skills, while impressive, are far less than those of the United States and its European allies, and bolstering cyber defenses will reduce some dangers. Intelligence sharing and training of allied militaries can diminish the impact of Russian support for insurgency and terrorism. Public exposure of Russian election manipulation can, in some cases, reduce its impact, and U.S. influence operations may prove more effective given the shaken condition of the Russian regime today. Most of all, the United States and its allies should link sanctions relief and other current punishments to Moscow’s gray zone meddling as well as its invasion of Ukraine.
The United States and its allies should also prepare efforts to discredit Russian private military companies around the world and counter Russian propaganda that promotes Putin as a successful leader. This would involve highlighting increases in terrorism in areas where groups like Wagner are used in Africa, the corruption of Russian officials, and videos that highlight the challenges for ordinary Russians due to Putin’s rule. More specific information efforts may target Russian elites that help hold up the regime: this may decrease their support for Putin or at the very least increase mistrust within elite circles.
Allies need to stand firm against Russian gray zone warfare—and Washington must back them. Moscow may be economically weak, and its conventional military is a far cry from the feared Red Army of the Cold War. But Russia is not down and out. The most effective way to contain Putin is to limit his ability to operate in the gray zone.
Daniel Byman is a professor at Georgetown University’s Edmund A. Walsh School of Foreign Service and a senior fellow with the Transnational Threats Project at the Center for Strategic and International Studies. His latest book is Spreading Hate: The Global Rise of White Supremacist Terrorism.
Seth G. Jones is senior vice president, Harold Brown Chair, and director of the International Security Program at the Center for Strategic and International Studies (CSIS). He was a plans officer and adviser to the commanding general, U.S. Special Operations Forces, in Afghanistan, as well as the author of In the Graveyard of Empires: America’s War in Afghanistan (W.W. Norton).
Image: Shutterstock.