Full Report
Thousands of files provided by a whistleblower at Interpol expose for the first time the extent of Russia’s apparent abuse of the international policing agency to target its critics abroad. The data provided to the BBC World Service and French investigative outlet, Disclose, reveals that Russia is using Interpol’s wanted lists to request the arrest…
Analysis Summary
# Threat Actor: Russian State Apparatus (Utilizing Interpol Mechanisms)
## Attribution & Identity
The threat actor is attributed to the **Russian Federation**. The activity centers on the apparent abuse of the **International Criminal Police Organization (Interpol)** by Russian authorities to pursue political adversaries located abroad. No specific intelligence agency or named hacking group is identified in the materials, but the actions point to state-level coordination.
## Activity Summary
The core activity exposed by the leaked files revolves around utilizing Interpol's official mechanisms—specifically the **wanted lists (Red Notices)**—to target critics of the Russian government internationally. Russia is reported to be requesting the arrest of individuals such as **political opponents, businessmen, and journalists**, basing these requests on claims that these individuals have committed crimes. Analysis of the data suggests that Interpol's independent complaints unit has processed complaints concerning Russia at a rate three times higher than the second-highest country (Turkey) over the past decade, indicating a sustained pattern of abuse. This activity is classified within the scope of **Russian hybrid warfare**.
## Tactics, Techniques & Procedures
- **Abuse of International Organizations:** Leveraging official warrants/wanted lists (Interpol Red Notices) to pursue legal and physical apprehension of targets in foreign jurisdictions.
- **Lawfare/Weaponization of Legal Processes:** Filing requests based on alleged criminality to achieve political objectives (targeting critics abroad).
- **Sustained Pattern of Abuse:** A consistently high volume of complaints concerning Russia handled by Interpol's independent complaints unit, relative to other nations.
- *Note: Specific MITRE ATT&CK TTPs directly related to cyber operations are not mentioned in this excerpt.*
## Targeting
- **Sectors:** Political opposition, Business sector, Journalism/Media.
- **Geography:** Individuals located **abroad** (outside of Russia) who are critics of the Russian state.
- **Victims:** Political opponents, businessmen, and journalists critical of the Russian government.
## Tools & Infrastructure
- **Malware Families Used:** None mentioned.
- **Infrastructure:** The primary "infrastructure" utilized in this context is the **Interpol wanted list system**.
## Implications
This activity represents a significant **state-sponsored effort to extend Russian authoritarian reach internationally** using seemingly legitimate international legal architecture. It compromises the neutrality and integrity of Interpol, turning a mechanism designed for international law enforcement cooperation into a tool for political suppression and transnational repression against dissidents living abroad.
## Mitigations
- **Enhanced Vetting of Red Notice Requests:** Interpol member states should apply heightened scrutiny when assessing Red Notice requests originating from Russia, particularly concerning politically sensitive figures.
- **Strengthened Independent Complaints Oversight:** Increased resources and mandate for Interpol’s oversight body to rapidly evaluate and challenge suspected politically motivated abuses.
- **Defensive Counter-Intelligence:** Nations hosting targeted individuals must proactively monitor for, and prepare legal defenses against, extradition, arrest, or detention requests that arrive via Interpol channels and target known critics of the Russian regime.