“We have prepared the first task for you. We are ordering stickers and sending them to the address,” was the message sent to one of the members of a pro-Russian hacker group on the social networking site Telegram. He was offered 50 euros in cryptocurrency for sticking 10 offensive stickers in Brussels’ diplomatic quarter.
“Only do this when it’s safe. Your safety is our top priority,” the taskmasters wrote. But they had no idea they were actually chatting with a journalist from Belgian public broadcaster VRT, who was posing as a pro-Russian Brussels resident.
A week later, an envelope containing stickers made by a Chinese company was dropped into the designated mailbox. The stickers, which read “F**k NATO,” were to be placed in prominent locations in Brussels, the city where NATO and the European Union are headquartered.
Later, other tasks followed – collecting information about individuals and media organizations.
In this way, especially through the Telegram app, Europeans have been increasingly recruited for espionage and other activities in recent years, many of them being rather pathetic forays into petty vandalism. Russia is believed to be behind many such incidents.
In Latvia, the most striking example is the attempted arson of the Latvian Occupation Museum last year. According to the indictment, the perpetrators were remotely located by Daugavgrīva Prison inmate Konstantin Engels. He and two others are currently on trial for vandalism, while in December the European Union added the recruiter, Vladimir Lipchenko, an officer of the Russian military intelligence service GRU, to its sanctions list.
Last year, Russia-linked sabotage and arson operations, acts of vandalism, cyberattacks, and disinformation campaigns were visible across Europe.
Czech Foreign Minister Jan Lipavsky told the EBU Investigative Reporting Network that there were “500 suspicious incidents in Europe last year, 100 of which were attributed to the Russian Federation,” adding that these activities were continuing and intensifying.
European political leaders and senior security and military officials have expressed the need for a stronger, more coordinated approach to countering these “hybrid threats.”
The EBU Investigative Journalism Network has spent several months gathering information on how many of the attacks that have occurred over the past year can be linked to Russia and what European countries can do to protect themselves.
The group of journalists looked at nearly 80 incidents that have taken place in Europe since the beginning of 2024 and that have a demonstrable connection to Russia. Those events where links to Russia were indicated by unknown or unreliable sources were excluded. The final estimate is therefore probably conservative. More than 60 attacks had suspected or confirmed Russian hybrid activity links.
The conclusions are based on conversations and interviews with civilian and military intelligence officers and publicly available information.
A connection to Russia can be considered “proven” in approximately 10 cases where there are final court rulings or investigations have been concluded.
In 17 cases, authorities have filed charges of Russian interference, and the cases are still under investigation. 34 events considered suspicious are still under official investigation. In 16 cases, initial allegations of Russian involvement have been dismissed or attributed to other reasons.
The LTV program “De facto” is due to report on the investigation in more detail on Sunday and you can read a lengthy report in English via the EBU Investigative Journalism Network, though it will require quite a lot of scrolling.
“Faced with a dwindling number of experienced intelligence agents on the ground, with many expelled after the start of the war in Ukraine, Russia is now resorting to low-level operatives recruited through Telegram or similar social networks to conduct dozens of attempted or successful attacks in Europe, according to court records and security sources,” says the report.
Source: LSM