Full Report
The Netherlands’ General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) are concerned about the increased threat of Russian hybrid activities in the gray zone. “The Russian military is preparing for the possibility of a conflict with NATO and is conducting various activities to test the West’s willingness to escalate,” the…
Analysis Summary
# Threat Actor: Russian Federation (Military and Intelligence Services)
## Attribution & Identity
* **Actor Identification:** Russian Military and Intelligence Services (specifically referenced as under the direction of the Kremlin/Vladimir Putin).
* **Known Associations:** General Staff of the Armed Forces of the Russian Federation (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB).
* **Dutch Intelligence Source Agencies:** General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD).
## Activity Summary
According to the report *Between Peace and War* (released Feb 2026), Russian actors are intensifying "gray zone" activities across Europe. Current operations focus on testing NATO's resolve and preparing the battlefield for potential future conflict. While not yet engaged in a large-scale war with NATO, the actor is rapidly building the necessary capabilities and conducting persistent hybrid operations to destabilize Western societies.
## Tactics, Techniques & Procedures
The actor utilizes a "hybrid warfare" framework designed to blur the lines between peace and conflict:
* **Cyberattacks:** Disruption of digital services and unauthorized access to sensitive networks.
* **Sabotage:** Physical interference with infrastructure or processes.
* **Influence Campaigns:** Political interference and social destabilization.
* **Disinformation:** Spreading false narratives to manipulate public perception (e.g., clashing worldviews).
* **Testing Escalation:** Intentional activities designed to gauge the West’s willingness to respond to provocation.
* **Physical Disruption:** Operations intended to cause material damage or physical injury.
## Targeting
* **Sectors:** Defense, Government, Vital Infrastructure, Energy, and Critical Processes.
* **Geography:** Primarily The Netherlands, NATO member states, and wider Europe.
* **Victims:** Dutch vital infrastructure providers and European government entities.
## Tools & Infrastructure
* **Malware families used:** Not specified in this high-level intelligence summary, but generally includes wiper malware and espionage toolsets associated with the GRU/SVR.
* **Infrastructure:** Infrastructure is designed to support "gray zone" activities, including C2 for cyber operations and platforms for disinformation.
* **Related URL:** hxxps[://]threatbeat[.]com/netherlands-warns-against-increasing-hybrid-threat-from-russia/
## Implications
* **Strategic Shift:** Russia views the Ukraine conflict as part of a permanent, existential struggle against the West. Consequently, a cessation of hostilities in Ukraine will not end Russian aggression toward NATO.
* **Conflict Readiness:** Russia is actively preparing for the possibility of a direct conflict with NATO, focusing on the ability to disrupt vital processes and cause physical harm within European borders.
* **Gray Zone Normalization:** The increase in sabotage and cyberattacks suggests a lower threshold for Russian risk-taking in Europe.
## Mitigations
* **Resilience Building:** The Dutch government emphasizes the need for vital infrastructure providers to prepare for "material damage and the disruption of vital processes."
* **Enhanced Monitoring:** Increased cooperation between civilian (AIVD) and military (MIVD) services to detect hybrid signals.
* **Critical Infrastructure Protection:** Hardening physical and digital assets against sabotage and cyber-collection.
* **Counter-Disinformation:** Developing societal resilience against foreign influence campaigns.