A blog of the Kennan Institute
In early September 2024, the US Department of Justice (DOJ) reported that it had disrupted thirty-two internet domains operated by a Russian government–directed disinformation campaign known as “Doppelganger.” The two-year campaign targeted Americans and Europeans with a combination of false domain names and cloned websites, and targeted cyber-generated social media.
That same month, the DOJ indicted two Russian nationals for “conspiracy to violate the Foreign Agents Registration Act (FARA) and conspiracy to commit money laundering” for a Russian state-directed and state-controlled media company based in Tennessee. In the DOJ brief, Attorney General Merrick Garland charged the two U.S.-based agents with conducting a “$10 million scheme” that Deputy Attorney General Lisa Monaco said was intended to “illegally manipulate American public opinion by sowing discord and division.”
The threat of Russian cyberattacks directed at the West is intensifying, somewhat resembling the nonkinetic methods of hybrid warfare used during the Kremlin’s 2014 annexation of Crimea.
Danish defense minister Troels Lund Poulsen highlighted the unprecedented number and range of cyberattacks against his nation at the 2024 region-wide NORDEFCO meeting. (The Nordic Defense Cooperation is a defense alliance and includes Denmark, Finland, Iceland, Norway, and Sweden.) The minister announced that Denmark’s Centre for Cyber Security (CFCS) had raised its threat level owing to increasing Russian cyber-threats. “Increasingly,” he said, “we see a Russia that is willing to challenge NATO countries through sabotage, influencing campaigns, and cyberattacks.”
Russia’s Toolkit
Russia has practiced a hybrid strategy of political-military warfare throughout its history. It has adapted this strategy to contemporary times by leveraging technology, culture, and asymmetric tactics to escalate geopolitical tensions, seeking to assemble just the right combination of these to achieve the desired effect.
The rapid evolution and scaling up of technological tools, including social media and AI, have enabled Russia to continually exploit weaknesses in critical infrastructure. One powerful feature of these hybrid attacks is their psychological aspect. The distributed information flows disrupt democratic decision-making by calling into question generally accepted societal principles while advancing alternative realities. Gaps in technology and disagreements among allies provide adversaries with opportunities to use nonkinetic actions to achieve strategic goals.
One example of this strategy in action was on view in 2019, when NATO deployed a “counter hybrid support team” in Montenegro to deter Russia’s hybrid challenges. But in 2022 Montenegro suffered a cyberattack that “crippled the government’s digital infrastructure,” and the defense minister, Rasko Konjevic, placed the responsibility on Russia. Membership in NATO, the FBI’s rapid-response cyber-action team, the UK, and France helped Montenegro recover, build a stronger cyber-capability, and withstand further Russian pressure. Montenegro went on to form a Western-backed government.
What makes hybrid wars hard to defeat is the fact that they have no forward presence or front lines and operate in “complex conflict landscapes” and “gray zones.” With the advent of the internet, smart phones, artificial intelligence, and interconnected digital networks, physical national borders provide only partial defense. In the constantly moving cyber-domain, the concept of peace does not exist. “The instruments or tools employed or fused together to unleash hybrid wars are often difficult to discern, attribute, or corroborate,” wrote Arsalan Bilal of NATO Review. This opens the door to “plausible deniability” related to under-the-radar disruptions, which can be both ongoing and timed for future impacts.
In its invasion of Ukraine, the Kremlin has extensively employed electronic warfare, including jamming GPS signals and satellite-based navigation systems. The Estonian minister of foreign affairs, Margus Tsahkna, said Russia’s hybrid warfare has forced the country’s largest airport to close, while pointing out that the Kremlin’s jamming also impacts civilian infrastructure in neighboring Latvia, Lithuania, and sites in Finland, Poland, and Germany.
Information War and Lawfare
Special Counsel Robert Mueller concluded in 2018 that while Russia did not alter actual votes in the 2016 US presidential race, it did target voter registration in twenty-one states and spread conspiracies on social media to advance discord. In June 2023 the Kremlin breached several European banking institutions, including the European Investment Bank, in retaliation for Europe’s support for Ukraine. In November of that year, Denmark suffered its largest cyberattack on record when twenty-two power companies were shut down. In February 2024, Russian hackers injected malware into servers at the embassies of Poland, Germany, and Ukraine to collect information on European and Iranian military activities.
In a different strategy, Russia exploits its legitimate 1920 treaty-based presence in Norway’s Svalbard Archipelago to wage hybrid war through lawfare. It has mounted a threat to Norway’s sovereignty by challenging that country’s environmental regulations and Svalbard’s internationally recognized territorial boundaries—actions that reflect the Kremlin’s strategy with regard to the maritime Arctic. Viewed collectively, Russia’s hybrid warfare initiatives reveal a strategic intent to reshape global power dynamics and revise the current and shifting post-World War II rules-based order.
Need for Integrated Capabilities
The 2024 NATO Summit highlighted the extent to which cyberattacks have become a feature of modern conflict and expressed an intention to “strengthen and secure allied networks, improve situational awareness, heighten cooperation and interoperability,” and implement cyberspace as an operational domain. A central question in the unfolding discussion is whether a cyberattack against a NATO nation might trigger the mutual defense guarantee of Article 5. Not all of the NATO allies have sufficient cyber and related capabilities to prevent, respond to, or protect from a cyberattack, which brings the alliance and its individual member nations into “uncharted waters.” As Russia, China, and other adversaries burrow deeper into cyberspace’s critical infrastructure, the West’s security and resilience alliance must deepen its own offensive-defensive capabilities as the dual-use and unconventional presence of adversaries unfolds.
There is a growing sense that the West must forge a tight integration of capabilities in the cyber domain along with strengthening trust and interoperability among the allies to ensure deeper collaboration, commercial and policy gaps notwithstanding. Only in this way could the United States and its allies prevail against their common adversaries in the rapidly changing landscape of hybrid war.
The opinions expressed in this article are those solely of the author and do not reflect the views of the Kennan Institute.
Author
Kennan Institute
The Kennan Institute is the premier US center for advanced research on Eurasia and the oldest and largest regional program at the Woodrow Wilson International Center for Scholars. The Kennan Institute is committed to improving American understanding of Russia, Ukraine, Central Asia, the South Caucasus, and the surrounding region through research and exchange.