By Leo Gardner 22 April, 2025
The last few years have unveiled a significant amount about the state of the Russian Intelligence Services. It has, in truth, been hard to keep up with it at times. What has been clear, however, is that there has been a lot of movement — both structurally and operationally. This article will attempt to put a mark in the sand, reviewing what state the services are currently in and how well they are operating. Following the technological revolution of the late 20th and early 21st century, there are now two distinct worlds that intelligence services have to operate in: the virtual and the physical. It is clear that the Russian services are deeply involved in both, but to what extent and how successfully?
In November 2022, the head of MI5, Sir Ken McCallum, spoke to an audience at Thames House and gave a significant insight into the capacity of the Russian espionage services. Following the start of the so-called ‘special military operation’ in Ukraine, Russia had been hit with a series of sanctions from across the globe, not least the expulsion of an estimated 600 Russian diplomats (of whom 400 were suspected Russian spies) from embassies across Europe. McCallum labelled this action “the most significant strategic blow against Russian intelligence services in recent European history”. It was a strong statement to say the least. It revealed, quite plainly, that despite the technological revolution which had washed across the intelligence world in recent years, Russian Intelligence still clearly relied heavily on the physical presence of its intelligence officers, acting as diplomats, to carry out their covert operations.
While analysts differ on how to break down the structure of Russia’s covert programme, there appear broadly to be two distinct kinds of ‘spy’ that operate within the services, classed either as ‘legals’ or ‘illegals’. ‘Legals’ are those who operate to provide information to Russia under diplomatic cover, or some other official title. ‘Illegals’, on the other hand, are spies living under a false identity. Prior to the Ukraine War, both kinds appeared to have been operating at a high level, but following the expulsion of many spies posing as diplomats, Russia was suddenly struck with a severe shortage of ‘legal’ spies and left with a gaping hole in its intelligence capabilities. The desire for ‘illegals’ rose sharply, but Russia had a recruitment issue.
With so many Russian nationals expelled from countries across Europe and the world, Russia has needed to think on its feet within its human intelligence sphere. The recent unearthing of a spy cell in Great Yarmouth has been critical in the understanding of how the Russian services are now operating and has revealed what measures they have had to take in recent years to maintain their international influence. One of the trends the spy cell appears to have aligned with is the apparent change in nationality of those reporting to Russia. Before the outbreak of war, Russian nationals, unsurprisingly, were the preferred choice of nationality to carry out covert operations. But following it, it is clear there has been a sharp shift towards the recruitment of foreign nationals to do Russia’s dirty work for them — particularly through the use of social media (another thing which appears to have increased following the outbreak of war). In the case of the Great Yarmouth group, the cell was made up of Bulgarian nationals posing as workers in Britain. The operatives were controlled from Moscow by a man named Jan Marsalek and were tasked with the surveillance of Christo Grozev and Roman Dobrokhotov — two investigative journalists who had worked to expose Russia’s role in the poisoning of Sergei Skripal in Salisbury in 2018. When the guest house in Norfolk was breached by police in the early hours, they found a multitude of espionage technology from stuffed toys with cameras within them to “glasses containing recording equipment”, giving analysts a golden glance into the technical capabilities of the Russian espionage services.
The work of other ‘illegals’ has been uncovered across the planet and reveals how incisively the Russians are able to penetrate enemy countries through the exploitation of weak officials. One such story regards an official working at the British embassy in Berlin who was discovered to have been covertly passing on information to Russia in exchange for cash payments. Other individuals have been found linked to Russia’s spy agencies in Norway, the Netherlands and Poland.
Russia’s technological reach is undoubtedly strong as well, and has no doubt been damaged less by the Ukraine War than its HUMINT capabilities. Evaluating just how strong Russia’s cyber capabilities are appears to be tricky. Analysts from RUSI have argued that they are not as strong as the West’s, on the grounds that they have been held back by the mindset of the heads of the intelligence services, all of whom were KGB officials in the 1970s, including: “Putin, Security Council Secretary Nikolai Patrushev, FSB head Alexander Bortnikov and SVR chief Sergei Naryshkin”. The UK government, on the other hand, has labelled Russia as “one of the world’s most prolific cyber actors”, and reports seem to back this up. First of all, Russian hacking continues to be a problem for countries across the globe. Throughout the war in Ukraine, Russian cyber espionage operations have gained access to troop movements, defense strategies and military communications. Recent reports suggest Russia has also been successful in infiltrating Ukrainian chat groups on the messaging app ‘Signal’, gaining access to “sensitive communications”. The group known as ‘Sandworm’ — linked to the GRU (Russia’s military intelligence wing) — has posed a longtime threat to the West and is one of many programs linked to the Kremlin’s bid to impose itself within cyber space.
Other official programmes have also been at the centre of Russia’s cyber operations for quite a while. In late 2023, the UK Government revealed two ‘centres’, numbered 16 and 18, which function under the flag of the FSB and have operated in the cyber field to spy on and undermine Western governments. While ‘Centre 16’ is primarily focused on foreign intelligence collection and getting behind the technological lines of its adversaries, ‘Centre 18’ sits ‘within the Counter-Intelligence Service of the FSB’, and is regarded as critical in conducting ‘cyber espionage operations targeting the UK’. Both have in the past caused serious issues. The work of Centre 16 hit world headlines when it was revealed that a ‘snake’ form of malware had penetrated technologies in the West and was being used to collect information and data on sensitive targets. The malware was suspected to have hit Germany’s Foreign Ministry in 2017 and reportedly even compromised NATO computers. In 2023, sources revealed the malware was finally uprooted, having collected data for over two decades. Similarly, the work of Centre 18 was revealed to have targeted many UK institutions, including hitting many parliamentarians with ‘spear-phishing’ emails, while also gaining unauthorised access to UK-US trade documents which were subsequently leaked ahead of the 2019 UK General election. Since then, work published by the Centre for Strategic and International Studies (CSIS) has backed up the extent to which state-guided cyber operations are flooding Western cyber space.
Finally, the use of technology to disseminate disinformation online has formed another key part of Russia’s ‘active measures’. The work is no doubt less technical than that of the hacking experts, but has been arguably as effective at destabilising Western political institutions. Work published by the think tank the ‘Institute for Strategic Dialogue’ discusses the wide-ranging efforts of Russian operatives looking to undermine societies of the West. Efforts include trying to create opposition to US funding to Ukraine through spreading false information on the US’ response to hurricanes Milton and Helene last year, and also attempting to create rifts in Germany and France regarding the Israel-Hamas conflict.
There is no doubt, therefore, that Russian state services are in a strong position — rebuilding quickly after a tricky few years of alleged intelligence failures at the start of the Ukraine War. Russia’s cyber capabilities, despite arguably not being at the same level as the West’s, are still troubling institutions and governments around the world, and Russia’s intelligence services have niftily pivoted in order to reinvigorate their HUMINT capabilities. This should all serve as a warning to the West, and should further encourage the members of NATO to back a rise in defense spending and to be fully prepared to square up to the Russian challenge.
Image: Emblem in the Main Intelligence Directorate of the General Staff of the Armed Forces (Source: MOD of Russian Federation/Mil.ru via CC BY 4.0)