A new study reveals how Russia systematically uses private IT companies, hacktivists, and cybercriminals to expand its offensive cyber capabilities abroad while maintaining plausible deniability. According to analysts at QuoIntelligence, this sprawling structure enables the Kremlin to operate discreetly by integrating both state and non-state resources into a unified cyber ecosystem, as reported by Cyber Security News.
This model of cyber outsourcing began to take shape in the 1990s, when, after the collapse of the Soviet Union, many highly skilled IT specialists and former intelligence officers found themselves unemployed or underpaid. In these conditions, many moved into the gray zone—where the interests of the state, business, and organized cybercrime intersected. Informal networks began to form, which Russian intelligence agencies later started to systematically exploit.
Today, Russia’s cyber operations are coordinated by three main entities—the FSB, the Foreign Intelligence Service (SVR), and the GRU. Although their responsibilities overlap, they actively outsource operations, creating a fragmented and opaque network that expands their reach and complicates the attribution of attacks. At the center of this model are the intelligence agencies, surrounded by external actors: private companies, cybercriminals, and hacktivists.
Among the organizations reportedly cooperating with government structures are major players like Kaspersky and Positive Technologies, as well as lesser-known firms like NTC Vulkan and Digital Security. These entities provide technical expertise, develop tools, and train personnel. Meanwhile, public relations firms such as the Social Design Agency conduct large-scale information campaigns in the Kremlin’s interest. One example is Operation Doppelgänger, which spread disinformation through fake websites mimicking media outlets and government resources.
The report specifically highlights cooperation between hacktivist groups—such as CyberArmyofRussia_Reborn—and military intelligence units, particularly APT44, as well as links between cybercriminal gangs like Conti and BlackBasta and Russian authorities. This approach allows the state to conserve resources while benefiting from cutting-edge capabilities developed outside official structures.
The Kremlin’s model has created a resilient cyber infrastructure capable of scaling depending on mission needs. This hybrid warfare mechanism combines a high degree of decentralization, the flexibility and innovation of the private sector, and strategic direction from government bodies. Researchers note that it has continued to operate actively since the start of Russia’s full-scale invasion of Ukraine in 2022—and appears poised to expand further.