Russia is escalating its hybrid warfare against NATO into a coordinated, full-scale campaign blending cyber attacks, sabotage, and influence operations.
Analysis Summary
# Threat Actor: Russian State Actors (Coordinated Hybrid Warfare)
## Attribution & Identity
Attribution points toward the Russian State apparatus, utilizing various military, intelligence, and state-affiliated entities. The activities are described as being directed under the strategic umbrella of **New Generation Warfare (NGW)** doctrine to degrade NATO unity and defense capabilities.
**Known Aliases/Associated Groups Mentioned (Cyber/Sabotage Elements):**
* GRU Units: Unit 29155 (linked to sabotage), Unit 26165 (APT28/Fancy Bear), Unit 74455 (Sandworm)
* SVR Units: APT29/Cozy Bear
* FSB Units: Center 16 (Turla), 18th Center of Information Security (Gamaredon Group)
## Activity Summary
The activity described is Russia escalating its hybrid warfare against NATO territory, moving over the next two years from opportunistic targeting to a coordinated, full-scale campaign consistent with **New Generation Warfare (NGW)** doctrine. Such a campaign involves deliberately planning and deploying tactics across Europe simultaneously to project Russian power and weaken defenses systemically. One illustrative coordinated operation is a drone violating an airport's airspace while a DDoS attack is launched against the airport's internal communications, followed by propaganda blaming NATO for the failure.
Activity since February 2022 has included opportunistic cyber attacks, sabotage operations, influence operations, and physical violations.
## Tactics, Techniques & Procedures
The NGW campaign is characterized by the coordinated use of existing tactics at greater frequency and geographic breadth:
* Sabotage operations.
* Influence operations (creating reputational risk).
* Airspace violations (using drones and jets).
* Territorial waters violations.
* Targeting of undersea cables.
* Exploitation of energy dependencies (oil and gas).
* Cyberattacks (used in coordination with physical actions, e.g., DDoS during an airspace incident).
**Associated Offensive Cyber Operations Elements (Attribution to specific units):** *The article does not provide MITRE ATT&CK technique IDs; the associated hacking groups are those listed under Attribution & Identity above.*
## Targeting
* **Sectors:** Private and public sector entities, critical infrastructure (including aviation networks and undersea cables), energy sector (via dependency exploitation).
* **Geography:** NATO territory (Europe-wide campaign anticipated).
* **Victims:** Generally unnamed; focuses on degrading NATO political unity and defense capabilities. Entities named in influence operation campaigns face reputational risk. Critical infrastructure providers (public and private) are primary targets for disruption.
## Tools & Infrastructure
The article lists platforms and vehicles used for physical and reconnaissance elements of the hybrid campaign, rather than specific C2 malware infrastructure for the cyber component (which is attributed to defined GRU/SVR/FSB units).
* **ISR Drones/UAS:** Orlan-10/Orlan-30, Forpost/Forpost-R, Altius-RU
* **Strike Drones:** S-70 Okhotnik-B
* **Aircraft (ISR/Combat):** Su-27/Su-30SM, Su-35S, MiG-31, Su-24M, Su-34, Il-20/Il-22, Tu-214R, Tu-95MS, Tu-160, etc.
* **Maritime Assets (Reconnaissance/Seabed targeting):** Project 22010-class ships, Akademik Aleksandrov-class vessels, Project 22010/20180, Belgorod (Project 09852), Podmoskovye (Project 09787), Losharik-linked vessels (AS-31).
* **Economic Assets Exploited:** Gazprom Export, Rosneft, Nord Stream AG/2 AG, Gazprom Marketing & Trading, Gazprombank, VTB.

*No defanged URLs or IP indicators were provided in the source material for this section.*
## Implications
The escalation to a full-scale NGW campaign implies:
1. Degradation of critical infrastructure across NATO territory.
2. Significant reputational risk for public figures and private companies named in influence campaigns.
3. Reduced public confidence in government abilities to ensure safety and safeguard infrastructure.
4. Increased strain on NATO resources due to simultaneous, coordinated attacks across multiple vectors.
5. Because private sector entities own most critical infrastructure, they will face supply chain disruptions and direct impacts, necessitating public-private partnerships.
## Mitigations
* Strengthening public-private partnerships, especially concerning privately owned critical infrastructure protection.
* Developing response plans for coordinated hybrid incidents (e.g., responding to simultaneous cyber/physical disruption).
* Monitoring and countering influence operations targeting organizational or governmental reputation.
* Enhancing surveillance and defense capabilities against airspace and territorial water incursions (drones/jets/vessels).