Since Russia’s full-scale invasion of Ukraine, Europe and the collective West have faced relentless hybrid warfare campaigns that seek to undermine public trust, cohesion and the security of our democracies. In this asymmetrical fight, the Kremlin has exploited a state-criminal fusion wherein criminal acts and actors have become core components of Russia’s foreign policy apparatus. The Center for the Study of Democracy examined these dynamics and their implications for European security in a recent report, which dissected the deliberate model of statecraft the Kremlin has adopted. This model merges intelligence services, oligarchs, and transnational crime networks to realise geopolitical objectives and achieving hybrid warfare aims. At the same time, a joint report by GLOBSEC and the International Centre for Counter-Terrorism (ICCT) has identified more than 130 individuals hired by Russia for sabotage and subversion in Europe since 2022, underscoring that Russia’s hybrid operations are inseparable from illicit finance and sanctions evasion.

These two reports formed the foundation of the public discussion Organised Crime in State-Sponsored Hybrid Warfare held in Sofia on 11 December 2025, whichbrought together CSD’s leading analysts, international experts, and local institutional representatives.

Ruslan Stefanov, CSD’s Program Director and Dominika Hajdu, Director for Policy and Programming at GLOBSEC, set the tone for the discussion by drawing a stark picture of Europe’s fast-changing hybrid and criminal threat landscape. Stefanov recalled how Russia has been deliberately using organised crime since the 1990s and warned that the war in Ukraine has supercharged these dynamics. He pointed to an estimated €31 billion in illicit financial flows linked to the conflict, arguing that this money is not just fuelling corruption but exposing deep structural vulnerabilities in European economies. Hajdu stressed that hybrid threats are now “fully operational”, erasing the line between internal and external actors and demanding responses that cut across institutions, sectors, and borders. Both underlined that governments cannot face this alone – the private sector has become an indispensable partner in any credible defence.

Picking up the thread, Rositsa Dzhekova, Director of the Democracy Shield Task Force, pushed back against the idea that criminal actors are merely opportunistic. These networks, she argued, are strategically woven into Russia’s broader hybrid playbook. Understanding how they evolve, move, and plug into political and economic systems across Europe is essential for spotting the blind spots that hostile actors exploit. Ryan McLaren, analyst at CSD’s Security Program and the Democracy Shield Task Force, presented CSD’s latest findings on how the Kremlin uses these criminal structures as an extension of statecraft. He showed how smuggling, sanctions evasion, Crime-as-a-Service markets, governance capture, energy manipulation, and orchestrated migration pressures are not isolated phenomena, but deliberate components of a single, hybrid warfare strategy aimed at the collective West.

The external security dimension was further unpacked by Kacper Rekawek, Senior Research Fellow at ICCT. He explored the crime–terror nexus underpinning Russia’s operations, describing a “long-leash” approach in which financially motivated recruits, covert sabotage operations, and the exploitation of legal loopholes sustain a campaign that stretches across the continent. Recent incidents, including sabotage attempts on rail infrastructure in Poland, were cited as examples of how Moscow masks its role by mimicking local grievances or ideological conflicts, blurring the lines between criminal, political, and quasi-diplomatic activity.

Concluding the panel, Bulgaria’s Cybersecurity Ambassador at Large, Zlatin Krastev, warned that many states still hesitate to publicly acknowledge Russian attacks – a stance he called a “fallacy of risk miscalculation”. Drawing on Ukraine’s experience, he argued that Europe must significantly upgrade its investigative, surveillance, and rapid-response capabilities, while reinforcing NATO’s deterrence posture. At the same time, he insisted that these measures must be accompanied by an honest public debate about how to balance privacy with the level of security required to confront a sophisticated, long-term hybrid threat.

Overall, participants emphasised the need for Europe to urgently fill the gaps in its internal security capacity. They called for unified intelligence-driven responses, asset targeting, legislative reform, improved interagency cooperation, a rethinking criminal law frameworks and ultimately, a new strategic ontology, ready for Europe’s new geopolitical environment.