From Ballots to Bank Accounts: How Russia is Disrupting Western Democracies and Economies

Earth sunrise North America with light clouds

Russia’s hybrid warfare approach has been elevated to new levels in their last gasps from the failures of the Ukraine campaign. They have accelerated their use of information operations against NATO and Western country targets in their recent strategies. These include an adoption of a de-dollarization strategy, continued implicit support of cybercriminal networks targeting Western country critical infrastructure with ransomware, and ongoing election interference operations in Europe and the US to manipulate public opinion. This article will outline some of the most recent and egregious efforts by Russia and its proxies (including cybercriminal gangs) to promote this agenda.

Blockchain Based Central Currency

Russia’s digital ruble, a central bank digital currency (CBDC), is being developed as a strategic tool to mitigate the impact of Western sanctions and reduce the country’s reliance on the US dollar. This initiative is part of Russia’s broader de-dollarization efforts, which have been accelerated due to the financial restrictions imposed following its invasion of Ukraine.

Motivations for the Digital Ruble


  • Reducing Dollar Dependence: The digital ruble is a key component of Russia’s strategy to decrease its reliance on the US dollar, a process known as de-dollarization. This effort aims to diminish the influence of the US on the global economy by promoting the use of alternative currencies in international transactions.
  • BRICS Collaboration: Russia is also pushing for the adoption of the digital ruble among BRICS nations (Brazil, Russia, India, China, South Africa) to facilitate trade without using the US dollar, thereby strengthening economic ties within the bloc.

Sanctions Evasion

  • Circumventing Financial Restrictions: The digital ruble is designed to enable Russia to conduct international transactions outside of Western-dominated financial systems, such as SWIFT, from which many Russian banks have been excluded. This capability is intended to weaken the effectiveness of economic sanctions imposed by the US and the EU.
  • Blockchain Technology: Utilizing blockchain technology, the digital ruble allows for direct transactions and storage through electronic wallets, making it harder for sanctions to target these transactions.

Economic and Political Objectives

Economic Resilience

  • Facilitating International Transactions: The digital ruble aims to simplify and speed up cross-border payments with Russia’s economic partners, reducing costs and delays associated with traditional payment systems.
  • Cost Reduction: By lowering transaction costs, the digital ruble is expected to benefit Russian businesses and households, making economic activities more efficient.

Political Control

  • Strengthening Economic Control: The digital ruble allows the Russian government to closely monitor and regulate digital transactions, helping combat tax evasion and ensuring compliance with national financial regulations[1].
  • Potential for Social Control: There are concerns that the digital ruble could be used as a tool for increased surveillance and control over citizens, as it enables the government to track all transactions.

Cybercriminal Activity

The Russian government has a well-documented history of turning a blind eye to cybercriminal activities as long as these activities do not target Russian businesses or interests. This tacit approval allows cybercriminals to operate with relative impunity, provided they adhere to certain unspoken rules.

Non-Prosecution of Domestic Targets

  • Selective Enforcement: Russian authorities, including the Federal Security Service (FSB), are known to monitor cybercriminal activities closely. However, they typically refrain from prosecuting these criminals unless they target Russian entities. This selective enforcement creates a safe harbor for cybercriminals operating within Russia.
  • Red Line: Cybercriminals are aware that targeting Russian businesses or citizens could lead to swift and severe repercussions from the state. This understanding acts as a deterrent against domestic cybercrime while implicitly encouraging attacks on foreign targets.

Implicit Permission to Cybercriminal Gangs and Financial Expectations

  • Safe Harbor: Ransomware gangs, such as the Eldorado group, operate with the implicit permission of the Kremlin. This arrangement allows them to conduct extensive cybercriminal activities, including ransomware attacks on international targets, without fear of prosecution.
  • Government Cut: There is an expectation that the government receives a share of the proceeds from these cybercriminal activities. This financial arrangement further solidifies the relationship between the state and cybercriminal gangs, ensuring mutual benefit.

The Eldorado ransomware group exemplifies the cozy relationship between the Kremlin and cybercriminal gangs. This group has quickly risen to prominence by developing sophisticated ransomware that targets both Windows and Linux systems, causing significant damage to its victims’ data and business operations.

Operational Tactics of Ransomware Gangs

  • Affiliate Programs: Eldorado operates a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to distribute their ransomware. This model allows the group to expand its reach and impact significantly.
  • Technical Sophistication: The group employs advanced encryption methodologies and cross-platform capabilities, demonstrating their technical prowess and adaptability in the evolving cyber threat landscape.

The cybercriminal market in Russia thrives under the implicit protection and support of the Kremlin. By allowing cybercriminals to operate freely as long as they do not target Russian interests, the government not only benefits financially but also leverages these activities for strategic advantages. The Eldorado ransomware gang is a prime example of this symbiotic relationship, highlighting the complex interplay between state interests and cybercriminal operations.

Information Operations

Russian foreign information manipulation and influence (FIMI) operations have become increasingly sophisticated and pervasive, targeting both Europe and the United States. The following are key elements of these operations:

Vast Multimedia Influence Apparatus

  • Components: Russia’s influence apparatus includes intelligence services, cyber-actors, state media proxies, and social media trolls.
  • Operations: Campaigns like Doppelganger impersonate reputable news outlets and government entities to disseminate false narratives.

Use of Generative AI

  • Content Creation: Networks like CopyCop use generative AI to plagiarize, translate, and edit content from mainstream media outlets, tailoring it to specific audiences and introducing political bias.
  • Automation: AI enables the production and dissemination of content at scale, making it difficult for defenders to track and counter these narratives.

Targeted Narratives

  • Eroding Support for Ukraine: Russian operations aim to undermine Western support for Ukraine by spreading false information and creating divisive content.
  • Discrediting Democratic Institutions: These operations seek to undermine trust in democratic institutions and processes, often by spreading conspiracy theories and false narratives about election integrity[3][13].
  • Influencing Elections: Russian influence operations target elections in the US and Europe, using AI-generated content and social media to sway public opinion and create discord.

Hybrid Campaigns

  • Integration with Cyberattacks: FIMI operations are often part of broader hybrid campaigns that include cyberattacks, such as DDoS attacks on election infrastructure.
  • Coordination with Other Influence Networks: Russian campaigns like CopyCop and Doppelganger often coordinate with other influence networks to amplify their impact.

Strategic Use of Social Media and Fake Websites

  • Social Media: Russian operatives use platforms like Telegram to seed propaganda, which is then amplified across other social media platforms.
  • Fake Websites: Operations create sham websites that mimic reputable news outlets to lend credibility to their false narratives.

Importance for US Policymakers

Russian FIMI operations pose a significant threat to the integrity of democratic elections by spreading disinformation and creating confusion among voters. Maintaining public trust in the electoral process is crucial. Disinformation campaigns can erode this trust, leading to decreased voter confidence and participation. Policymakers need to develop strategies to counteract the spread of false information and ensure that the public has access to accurate and reliable information. Increasing public awareness and digital literacy can help citizens recognize and resist disinformation.

Ensuring National Security Against Foreign Influence

  • National Security: Foreign influence operations are a direct threat to national security, as they aim to destabilize democratic institutions and processes.
  • International Cooperation: Collaborating with international partners to share intelligence and develop joint strategies is essential to effectively counter these threats.

Regulatory and Policy Measures

  • Legislation: Implementing and enforcing laws that address foreign interference and disinformation is critical. This includes measures like the Digital Services Act and the European Media Freedom Act in the EU.
  • Sanctions: Imposing sanctions on individuals and entities involved in FIMI operations can deter future activities and signal a strong stance against foreign interference.

Technological and Cybersecurity Measures

  • Cybersecurity: Strengthening cybersecurity measures to protect election infrastructure and other critical systems from cyberattacks is vital.
  • AI and Analytics: Utilizing AI and advanced analytics to detect and counter disinformation campaigns in real-time can enhance the resilience of democratic institutions.

Russian FIMI operations represent a multifaceted threat that requires a comprehensive and coordinated response from US policymakers. By addressing these key elements and implementing robust countermeasures, the US can better protect its democratic institutions and maintain public trust in the electoral process.

Communications Interference in Europe

Russia has been systematically interfering with satellite communications as part of its hybrid warfare strategy. This interference has affected GPS signals, television channels, and other critical satellite services across Europe. The United Nations’ International Telecommunication Union (ITU) has condemned these actions, highlighting their impact on navigation, air traffic control, and media broadcasts.

Hybrid Warfare Tactics

Russia’s interference with satellite communications is a component of its broader hybrid warfare tactics, which combine conventional and unconventional methods to undermine adversaries. These tactics include:

  • Cyberattacks: Targeting critical infrastructure, such as the Viasat hack during the Ukraine conflict, which disrupted satellite internet connections.
  • Disinformation Campaigns: Spreading false information and propaganda to create divisions within societies and erode trust in democratic institutions.
  • Economic Coercion and Sabotage: Weakening adversaries’ economies through targeted disruptions and leveraging economic dependencies.

Implications for Western Civilization

Strategic Disruption

  • Navigation and Safety: Interference with GPS signals poses significant risks to aviation and maritime navigation. This has led to operational challenges for civilian aircraft and ships, particularly in regions like the Baltic Sea and northern Europe.
  • Media Manipulation: By disrupting television channels and replacing content with war propaganda, Russia aims to control the narrative and influence public perception, particularly in conflict zones like Ukraine.

Psychological and Economic Impact

  • Eroding Trust: Continuous interference and disinformation campaigns undermine public trust in government and media, creating a sense of instability and uncertainty.
  • Economic Costs: Disruptions to satellite communications can have far-reaching economic implications, affecting industries reliant on precise navigation and communication systems, such as aviation and shipping.

Testing and Preparing for Future Conflicts

  • NATO’s Defenses: By testing NATO’s response to hybrid threats, Russia gains valuable intelligence on the vulnerabilities and preparedness of Western defenses. This information can be used to refine future strategies and tactics.
  • Blurring War and Peace: Russia’s actions blur the lines between war and peace, challenging international norms and making it difficult for adversaries to respond effectively. This creates a persistent state of tension and uncertainty.


Russia’s systematic hacking and FIMI campaigns coupled with de-dollarization and interference with satellite communications are all strategic components of its broader hybrid warfare tactics aimed at undermining Western civilization. By disrupting critical infrastructure, spreading disinformation, and testing NATO’s defenses, Russia seeks to exploit vulnerabilities and create divisions within Western societies. The implications of these actions are profound, affecting economic and political stability, navigation safety, and public trust, while preparing the ground for potential future conflicts.

author avatar
RJG CTIN President & Co-Founder
Jane Ginn As the co-founder of the Cyber Threat Intelligence Network (CTIN), a consultancy with partners in Europe, Ms. Ginn has been pivotal in the development of the STIX international standard for modeling and sharing threat intelligence. She currently serves as the Secretary of the OASIS Threat Actor Context Technical Committee, contributing to the creation of a semantic technology ontology for cyber threat actor analysis. Her efforts in this area and her earlier work with the Cyber Threat Intelligence (CTI) TC earned her the 2020 Distinguished Contributor award from OASIS. In public service, she advised five Secretaries of the US Department of Commerce on international trade issues from 1994 to 2001 and served on the Washington District Export Council for five years. In the EU, she was an appointed member of the European Union's ENISA Threat Landscape Stakeholders' Group for four years. A world traveler and amateur photojournalist, she has visited over 50 countries, further enriching her global outlook and professional insights. Follow me on LinkedIn:
Translate »