A newly released study reveals how Russia leverages private companies and hacktivist groups to strengthen its cyber capabilities. The study was conducted by QuoIntelligence, as referenced in the QuoIntelligence Report. Additional analysis and context come from think tanks and cybersecurity researchers, including reports from the Atlantic Council and other academic sources.
How the Study Was Conducted
Researchers combined open-source intelligence, case studies of cyber incidents, and analysis of Russian legal and institutional frameworks. They examined the structure of Russia’s cyber ecosystem, tracked the activities of state agencies and non-state actors, and analyzed specific campaigns—such as the Doppelgänger disinformation operation—to illustrate the collaboration between government and private entities. The study also included technical analysis of attack methods, organizational relationships, and the legal obligations of private companies under Russian law.
Key Findings
The researchers found that Russia’s cyber strategy is a hybrid system that integrates state agencies (FSB, SVR, GRU), private IT firms, hacktivist groups, and criminal collectives. This model originated in the post-Soviet era, when economic instability and a lack of oversight enabled cybercrime to flourish, and it later became a strategic asset for Russian intelligence. Private companies, including major industry players like Kaspersky and Positive Technologies, as well as smaller firms such as NTC Vulkan, are legally required to assist Russian intelligence services under laws like Federal Law No. 40-FZ. Their roles include providing technical tools, conducting vulnerability research, and offering training. Some firms, like the Social Design Agency (SDA) and Struktura, specialize in influence operations and technical logistics for disinformation campaigns.
Groups such as CyberArmyofRussia_Reborn and eCrime collectives like Conti operate in coordination with state agencies, particularly the GRU’s APT44 (Sandworm). These groups have been linked to destructive attacks on Ukrainian infrastructure and large-scale data leaks. Their cooperation provides Moscow with flexibility, cost efficiency, and plausible deniability, but also introduces risks of loss of control and ideological divergence.
Researchers say Russia’s cyber operations resemble concentric rings: state agencies at the core, surrounded by private firms, hacktivists, and criminal organizations. This structure enhances reach and innovation but complicates attribution and control.
The Doppelgänger campaign is a prime example, where the Presidential Administration provides funding and direction, SDA manages fake websites and bot farms, and Struktura ensures technical execution. These campaigns aim to amplify disinformation and influence foreign audiences.
While the ecosystem is vast and dynamic, it is also fragmented. Internal competition and rivalry among agencies (GRU, SVR, FSB) and between state and non-state actors sometimes hinder coordinated operations. This fragmentation can reduce the effectiveness of attacks and increase the risk of exposure.
The study concludes that Russia’s use of private companies and hacktivists is both a strength and a vulnerability. It provides operational flexibility and deniability but also creates unpredictability and potential loss of control, as seen in incidents like the 2022 Conti leaks.
“Rather than dismissing Russia’s cyber prowess because of unmet expectations since February 2022, American and Western policymakers must size up the threat, unpack the complexity of Russia’s cyber web, and invest in the right proactive measures to enhance their security and resilience into the future.”