Traditional Russian Espionage in The Netherlands

• Russian espionage operations against the West, particularly in NATO countries, have increased significantly since Moscow invaded Ukraine in February 2022. While Russia’s cyber espionage operations constitute the bulk of Moscow’s attempts in the West, there remains a persistent and enduring threat posed by Russia’s traditional espionage operations.
• Russia's intelligence officers in the West operate under several “covers” to conceal their true identity, including a diplomatic cover, non-diplomatic cover – e.g. journalists, company employees, etc. – and “illegals”. It is these last two categories that pose the most notable risk to Dutch and Western businesses because they allow either Russian operatives or local Dutch insiders to integrate themselves into Western businesses operating in sectors of strategic importance to Moscow, such as energy. The aim is to steal sensitive Intellectual Property (IP) to help alleviate Russia’s sanctioned-induced socio-economic deterioration.
• Further Russian acts of traditional espionage will highly likely occur in Western Europe over the coming years, especially given that the war of attrition between Russian and Ukrainian forces in the Donbas region of Ukraine is set to persist for the foreseeable future. As such, Russian intelligence operatives will likely seek out sensitive information from Western government agencies to help assist its operational and tactical goals in Ukraine – e.g. troop location or logistical line – or steal information from strategic sectors – such as energy, telecommunications, or IT.

Since the Russian military invaded Ukraine in 2022, Western media coverage has focused heavily on Moscow’s attempts to gather intelligence from Western nations – including the Netherlands – via cyber or digital espionage. Technology firm Microsoft’s 2023 Digital Defence Report claimed that 36% of Russian cyberattacks were targeted against NATO member states – including the Netherlands – with government and private sector firms operating in critical infrastructure – such as energy, IT or defence – constituting notable targets.

However, this focus on these non-traditional forms of espionage has obfuscated the persistent and enduring threat posed by the traditional methods of espionage conducted by Russian intelligence officers. The Netherlands is an active member state of important regional frameworks such as NATO and the EU, where members exchange intelligence information that holds strategic importance to the Russian government and could help them in their military activities in Ukraine, e.g. the type of military or financial support the Netherlands provides Kyiv.  

Focus on non-traditional forms of espionage has obfuscated the persistent and enduring threat posed by the traditional methods of espionage conducted by Russian intelligence officers.

However, Russia’s traditional espionage activity can also have a secondary motive. Russian businesses have been negatively impacted by the international sanctions levied against them, limiting their abilities to acquire the necessary parts and materials to engage in critical Research and Development (R&D), stifling the Russian economy as a result. The Netherlands is home to businesses at the top of sectors that are of strategic importance to the Russian government – such as energy, defence, or IT. As such, a well-positioned source within the Netherlands, aka a Dutch insider, could serve as a conduit for Russian intelligence to gather confidential details from not just the Dutch government but also vital business information. The theft of such information presents a potential threat to Dutch firms’ competitiveness within their respective markets.

‍

Russian intelligence officers often operate under a cover to conceal their true background – these covers can be largely grouped into three categories. The official cover, also called diplomatic cover, is the first category. This means that the intelligence officers are formally diplomats, stationed at a Russian embassy, a Russian consulate, or a Russian trade representative abroad. They use their diplomatic cover and accompanying diplomatic immunity to conduct intelligence work.

The second category concerns the so-called non-official covers. These are intelligence officers posing as e.g. journalists, scientists, or employees applying to Western companies of interest or operating out of an international Russian company. The third and last category can be described as “illegals”. This category defines Russian-directed agents who operate under a mostly non-Russian alias identity.

It is the second and third categories that pose the most notable threat to Dutch businesses. The individuals utilising the first cover category are most likely to target Western government agencies to acquire information about issues of strategic importance to Moscow – e.g. Dutch military contributions to NATO activities. However, these latter categories present the possibility for either Russian operatives or local Dutch insiders to join and integrate themselves into Western businesses operating in sectors of strategic importance to Moscow – such as energy – and slowly disseminate critical business information – e.g. R&D, business plans, financial records, etc. – back to Russia which can be used to alleviate the country’s enduring and sanction-induced socio-economic decline.  

‍

Instances of Russian cyberespionage and monitoring incidents are more plentiful in the Netherlands. In contrast, publicly acknowledged examples of traditional Russian espionage in Dutch society as less readily available. This is largely due to the notable reputational damage such examples could pose to the Dutch government and/or major Dutch businesses if publicly discovered.

However, several notable examples from the past four years show that intelligence officers from the Russian Foreign Intelligence Service (SVR) and the Russian Main Directorate of the General Staff of the Armed Forces (GRU) attempted to spy in the Netherlands under various covers. In 2020, the Dutch General Intelligence and Security Service (AIVD) uncovered and disrupted the operations of an SVR intelligence officer. This Russian agent, who was stationed at the Russian embassy in The Hague under diplomatic cover, was involved in espionage in the field of technology and science. He had built up a human network of more than ten people from the Dutch high-tech sector, who provided him with sensitive sector-specific information. The SVR intelligence officer was declared persona non grata in the Netherlands and expelled.

He [an SVR officer] had built up a human network of more than ten people from the Dutch high-tech sector, who provided him with sensitive sector-specific information

In a separate example in 2022, the AIVD prevented an GRU illegal from working as an intern for the International Criminal Court (ICC) in The Hague. The ICC is investigating, among other things, alleged Russian war crimes in Ukraine. The illegal, who had a Brazilian cover identity, was arrested at Schiphol and sent back to Brazil for prosecution before he was able to join the ICC and potentially influence its work in favour of Russia.

In response to previous espionage attempts and Russia’s invasion of Ukraine, 17 Russian intelligence officers who were stationed under diplomatic cover at the Russian permanent missions in the Netherlands, were expelled in March 2022. More than 350 alleged Russian intelligence officers have been similarly expelled across Europe since the start of the Ukraine conflict in February 2022. Despite their expulsion, three Russian intelligence officers are still working under diplomatic cover at the Russian embassy in The Hague according to the Dutch intelligence services. Their presence will prolong the risk that Dutch businesses face from Russia’s traditional espionage operations.

‍

The Dutch intelligence services assessed that the expulsions of the aforementioned Russian operatives in March 2022 significantly reduced Moscow’s capability to spy on the Dutch government through its diplomatic covers. Despite this, the threat of Russian classic espionage remains, with the AIVD also assessing that Moscow is likely to try and rebuild its presence of intelligence officers under diplomatic cover.

There are also still Russian nationals stationed in the Netherlands, including at international organisations- such as the International Court of Justice and the OPCW – but also Russians who work for international businesses stationed in the Netherlands who leftRussia for economic opportunities and not as political opposition to theUkraine conflict. As such, they are at a heightened risk of being influenced or persuaded by Russian intelligence operators to engage in corporate espionage for financial gain or under duress if they have family back in Russia that can be used as hostages.

‍

There is a high likelihood that further Russian acts of traditional espionage will occur in Western Europe over the coming months, especially given that the war of attrition between Russian and Ukrainian forces in the Donbas region of Ukraine is set to persist for the foreseeable future. As such, Russian intelligence operatives are likely to seek out sensitive information from Western government agencies that will help assist its operational and tactical goals in Ukraine – e.g. troop location or logistical lines. However, these intelligence operations are also highly likely to remain aimed at offsetting Russia’s socio-economic decline by targeting high-value Western businesses – such as energy or technology firms – and continue funding its war effort. To mitigate these threats, firms operating in high-risk sectors could implement – amongst others – the following policies:

1. Build out or hire a robust screening team that is knowledgeable of Russia’s unique geopolitical environment. This screening process would undergo a due diligence process on a company’s employees to check – amongst other things – whether they could be susceptibel to Russian influence to engage in Moscow-directed threats such as corporate espionage.
2. Build out an in-house or hire a third-party geopolitical risk intelligence function to keep your organisation abreast of ongoing developments related to Russia and its modus operands to mitigate the risks posed by Russian threat actors.

Proximities can help you gain these key insightsand turn them into tangible material. Using our ‘What?’, ‘So What?’, ‘What if?’and ‘What Now?’ narratives, we help partners and clients not only understandthe importance of trends and events but, more specifically, to understand whatit means for you and your business from strategic to operational consequences.Curious and interested to see how we could help you? Don’t hesitate to contactus, we will be happy to support you.

‍

‍