Full Report
The new chief of MI6, Blaise Metreweli, will warn of “the acute threat posed by Russia” when she makes her first public speech later. She will highlight so-called hybrid warfare, which includes incidents such as cyber attacks and drones suspected of being launched near critical infrastructure by Russian proxies. Ms Metreweli will describe this as “an acute…
Analysis Summary
# Threat Actor: State-Sponsored Russian Proxies/Actors (Collective)
## Attribution & Identity
* **Identification:** Russia (Explicitly identified in statements by the new MI6 Chief, Blaise Metreweli).
* **Aliases/Groups:** Unnamed "Russian proxies" mentioned in connection with specific kinetic/hybrid activities.
* **Associations:** Operating under the umbrella of an "aggressive, expansionist and revisionist Russia."
## Activity Summary
The summary focuses on warnings regarding ongoing and future activities by Russia:
* The primary threat highlighted is "hybrid warfare."
* This warfare includes cyber attacks and the suspected launching of drones near critical infrastructure by Russian proxies.
* Military asset activity: Royal Navy ships and aircraft shadowed a Russian task group in the English Channel in February 2025 (a kinetic/physical show of force alongside cyber threats).
## Tactics, Techniques & Procedures
* **Hybrid Warfare:** The overall strategy encompassing kinetic and non-kinetic measures.
* **Cyber Attacks:** Implied as a core component of hybrid warfare.
* **Drones/UAVs:** Use of drones, suspected to be launched by proxies, near critical infrastructure.
* **Geopolitical Harassment:** Military asset movements (e.g., the Russian task group that Royal Navy ships and aircraft shadowed in the English Channel).
* *Note: Specific MITRE ATT&CK IDs are not mentioned in the provided text.*
## Targeting
* **Sectors:** Critical Infrastructure (Target of drone activity).
* **Geography:** UK/Western interests (implied by the MI6 context and the English Channel shadowing incident).
* **Victims:** "Critical infrastructure" in general.
## Tools & Infrastructure
* **Malware/Tools:** No specific malware or tools are listed.
* **Infrastructure:** No specific Command and Control (C2) or other infrastructure details are provided.
## Implications
* The threat posed by Russia is described as "acute."
* The conflict front line is characterized as "everywhere," indicating a pervasive, non-traditional conflict state extending beyond conventional military domains into cyber and physical security zones.
* The actor is considered hostile ("aggressive, expansionist and revisionist").
## Mitigations
* Defense strategies must account for **Hybrid Warfare**, requiring integrated responses for both cyber and physical domain threats.
* Increased vigilance and protective measures around **Critical Infrastructure** to counter potential drone activity by proxies.