When Secretary of State Antony Blinken arrived in South Africa on Aug. 8, 2022, he had a clear message for countries across the continent: “The United States will not dictate Africa’s choices, and neither should anyone else.” Despite Blinken’s denials, it was widely speculated that this diplomatic tour was aimed at highlighting global food shortages linked to the Putin regime’s war on Ukraine — and Russian political influence across Africa broadly. This appears to be correct, but there is more than food prices on the agenda.
A primary vector of Moscow’s influence has been Russian private military companies (PMCs). On top of running disinformation campaigns and weaponizing loans, these corporate mercenary outfits have deployed across Africa, in Mali, Sudan, the Central African Republic, Mozambique, and Madagascar. Russian PMC activity also goes far beyond Africa, providing bodyguard services to Venezuelan dictator Nicolas Maduro, reclaiming Syrian oil fields for the Assad regime, and fighting in the ongoing, illegal Kremlin war on Ukraine.
Russian PMCs will only continue to be a growing threat to global security — whether companies act at the Kremlin’s explicit direction, or independently profit from overseas subversion and exploitation. And technology is poised to be a key part of their activities. As we describe in a new issue brief for the Atlantic Council, the proliferation of private hacking, surveillance, and social media manipulation tools — and at least one Russian PMC’s buildout of an in-house cyber unit — demands attention from US policymakers to address this mechanism of Kremlin proxy warfare.
A MULTIFACETED THREAT
Russian PMCs offer a wide range of services to their clients. They train foreign armed forces and groups acting, as then Prime Minister Vladimir Putin said in 2012, as tools of global influence. In the early 1990s, for instance, Rubikon, a security firm based in St. Petersburg and “supervised by Russian security services,” helped organize volunteers to fight for the Serbs in then-Yugoslavia. Recently, Russian PMC ENOT Corp has allegedly run paramilitary training camps for right-wing individuals in Belarus. And Russian PMCs in Libya have trained Libyan National Army (LNA) forces and even repaired their military equipment.
Looking forward, the growing accessibility of hacking, social media manipulation, and other technologies will only accelerate Russian PMCs’ ability to project power globally.
These actors also guard natural resource extraction sites for governments — a role that often involves direct engagement in combat alongside local forces. In the Central African Republic, the Wagner Group has been used to bolster support for President Faustin-Archange Touadéra’s government — training local soldiers, protecting leaders, providing security services at the country’s diamond mines, and engaging with Malian insurgents — following the exit of French peacekeeping forces in 2017. These mines, back in government hands, now fund Wagner, a portion of whose payment is provided in diamonds. In Syria, the Wagner Group again was embroiled in the conflict while guarding oil fields on behalf of the Asaad regime. That presence included a direct firefight with US forces that resulted in the deaths of several Russian mercenaries.
As we continue to see in Ukraine, Russian PMCs are also employed in direct combat. Reporting, as well as official British statements, describe the ongoing role of the Wagner Group fighting alongside and acting as force augmentation for the Russian military. These fighters were likely brought in to increase the effectiveness of Russian forces and have exercised brutality in doing so — Wagner mercenaries have been linked to the massacre of civilians in Bucha, Ukraine earlier this year.
EMERGING CYBER CAPABILITIES
Looking forward, the growing accessibility of hacking, social media manipulation, and other technologies will only accelerate Russian PMCs’ ability to project power globally. Russian PMCs already conduct “political warfare” activities, ranging from subversive activities to assassination, reminiscent of the kinds of “active measures” that Soviet intelligence services deployed throughout the Cold War. In the Central African Republic, for example, Yevgeny Prigozhin — the head of the Wagner Group PMC and their operations there — has also created a Russian radio station with a wider reach than that of the state, and seemingly directed the Internet Research Agency troll farm to target the CAR with pro-Russian propaganda.
While PMC cyber capabilities are only fledging, they will likely continue to expand in the years to come. The PMC RSB Group set up a cyber attachment in 2016 that was reportedly capable of both defensive and offensive activities. Other PMC units “recruit human intelligence sources, guide (intelligence, surveillance, and reconnaissance) platforms and systems, collect signals intelligence, and analyze intelligence and open-source information,” according to a Center for Strategic & International Studies report.
Russian PMCs may be able to partner with Russian private companies or state labs working as proxies for Russian military and intelligence organizations to acquire offensive cyber capabilities. In 2018, FireEye Intelligence pointed to Russia’s Central Scientific Research Institute of Chemistry and Mechanics as likely supporting the deployment of Triton, an operational technology-focused malware, and the US government later sanctioned the lab. The US government claims that a private Russian firm, Positive Technologies — which the US Treasury sanctioned and identified as supporting the Russian Federal Security Service (FSB) — continues to develop offensive cyber capabilities on behalf of the Russian government. Leveraging the capabilities of such organizations would prevent PMCs from needing to develop significant and costly new in-house talent or drawing the added scrutiny of Russian government authorities.
Additionally, cyber-surveillance tools like those developed by commercial Access-as-a-Service companies outside Russia, like NSO Group and DarkMatter, could enable PMCs to vastly enhance their list of services and expand their clientele among global autocrats and oligarchs, thus substantially enhancing their utility to the Kremlin. These companies are well-positioned to provide PMCs with intelligence gathering and ongoing high-value target surveillance capacity across the world.
Because of the premium the Kremlin places on deniability, entrepreneurialism within its security ecosystem, and political warfare below the threshold of armed war, Russian PMCs will continue to play a central role in Moscow’s conflict toolkit. The more that technology becomes a part of the picture, the more US policymakers will have to confront cyber and surveillance capabilities permeating throughout this Russian web and across the globe.
Emma Schroeder is an associate director with the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab).
Justin Sherman is a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative.
Gavin Wilde is a senior fellow at the Carnegie Endowment for International Peace and a nonresident fellow at Defense Priorities.
Trey Herr is the director of the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab (DFRLab).