Summary
- Senior European intelligence officials say Russian services are pursuing Western technology and defence secrets more aggressively.
- Reported activity includes fake companies, middlemen, cyber spies, hackers, and targeting of European firms and critical infrastructure.
- The business exposure sits across dual-use supply chains, research security, supplier due diligence, and sanctions controls.
European intelligence officials are warning that Russian services are intensifying efforts to obtain Western technology and defence secrets, using cyber activity, front companies, intermediaries, and industrial targeting as sanctions restrict Moscow’s access to advanced systems.
The warning is based on public reporting of intelligence assessments rather than a single government advisory, so the available evidence is necessarily partial. Even with that limitation, the reported activity connects cyber espionage, sanctions evasion, dual-use technology, and critical infrastructure in a way that creates direct exposure for European organisations.
Senior officials from Sweden, Finland, and Estonia described Russian activity aimed at advanced machine tools, factory equipment, defence research, camera and laser technology, software updates for industrial machinery, space technology, quantum research, Arctic technology, and marine systems. Those categories extend well beyond major defence primes. They include manufacturers, universities, specialist suppliers, software providers, logistics firms, and research partnerships.
Companies can become part of a war-related supply chain without setting out to support one. A supplier may not regard itself as a defence contractor, yet still hold design knowledge, components, engineering capability, software, or production data with military or intelligence value.
The cyber dimension is explicit in the public accounts. Russian actors are described as using cyberattacks against European companies and critical infrastructure to gather information that could later be used by Moscow. A Swedish power plant attack was cited as activity that moved beyond reconnaissance and intelligence collection into a more destructive posture, although public technical detail remains limited.
The exposure cannot be reduced to threat-actor naming. Research, engineering, product, procurement, and supplier-management functions all need a shared view of what is sensitive. A company may have strong perimeter security while still carrying weak due diligence around intermediaries, overseas distributors, contract manufacturers, or software maintenance relationships.
Sanctions pressure changes the operating environment. When lawful access to components and expertise is constrained, covert procurement, intelligence collection, and supplier deception become more valuable. Organisations whose products or knowledge can support military, surveillance, aerospace, maritime, industrial, or communications capability become more exposed, even when cyber security is not their primary business risk.
Boards and risk committees may need to treat sanctions, export control, cyber security, and intellectual-property protection as connected areas of governance. The traditional separation between legal compliance, cyber defence, research security, and procurement can leave gaps that an intelligence service can exploit. A fake company does not need to break into a network if it can obtain access through an apparently legitimate transaction or partnership.
Universities and research institutions face similar pressure where collaborative projects involve advanced materials, quantum technologies, aerospace systems, autonomous platforms, maritime engineering, or software that can support industrial capability. Cyber controls need to sit alongside partner due diligence, data classification, access governance, and clear rules on movement of research material.
The warning also lands in a broader European resilience debate. Critical infrastructure operators, technology suppliers, and public bodies are already being pushed to improve cyber maturity under NIS2 and related national rules. Espionage aimed at technology acquisition shows that resilience is not limited to service continuity. It also includes protection of intellectual property, production knowledge, and supplier trust.
The available facts remain partly intelligence-led and partly public. The direction is clear enough for risk owners to act: Russia’s need for advanced technology creates cyber and supply-chain exposure for European organisations whose work has strategic value, including many that would not describe themselves as defence-sector targets.
