BANNER: A man checks his mobile phone in central Moscow, Russia, on March 17, 2026. (Source: REUTERS/Ramil Sitdikov)

In early 2026, the European Commission was forced to confront a critical vulnerability in its secure communications: the human element. Following intelligence warnings that attackers were compromising Signal accounts through social engineering and impersonation, rather than by breaking the underlying encryption, the Commission took the unprecedented step of ordering senior officials to shut down internal group chats used for confidential coordination. In the vocabulary of Russian military doctrine, this is a classic execution of “reflexive control”, feeding an adversary specifically curated information to compel them to make a predetermined, self-limiting decision. By forcing the Commission to dismantle its own coordination spaces out of fear, Moscow achieved a strategic win without firing a single shot, proving that their primary target is not the software’s encryption, but the user’s “mental firewall.” The move signals a shift in the threat landscape, where the behavior of the user has become as great a liability as the security of the software.

The threat was not theoretical. European Intelligence indicated a series of phishing-style operations where Russian attackers impersonated legitimate contacts or platform support to harvest credentials and gain account access. These tactics relied on social engineering rather than technical exploitation, leveraging established professional trust to bypass the security measures of the network.

Weeks later, in Moscow, a different kind of disruption unfolded, this time as a result of actions taken by Russian authorities. Mobile internet access across parts of the city was abruptly restricted, leading to navigation apps failing,  payment systems stalling, and messaging platforms becoming unreliable. Officials cited security concerns, including drone threats, but the impact on daily life was immediate and widespread.

These incidents are not anomalies. Since 2025, Russia has carried out hundreds, by some estimates thousands, of mobile internet shutdowns, often framed as security measures, but extending well beyond active conflict zones. Together, they signal a deeper shift: Russia is not merely controlling the internet; it is redefining it as an instrument of state power.

Western analysis still tends to lean on a narrow vocabulary using terms like censorship, surveillance, and cyberattacks. These, however, describe tactics, not strategy. Russia’s “sovereign internet”, a state-controlled network designed to operate independently from the global internet, is not just a tool of repression; it is a dual-use architecture designed to consolidate control at home while expanding freedom of action abroad. The recent disruptions are not signs of fragility but of calibration, and they point to the fact that the intent is not full isolation, but selective control. In this sense, connectivity is maintained when it is useful, and it is restricted, filtered, or rerouted when it becomes a liability. The result is a model best understood as conditional autonomy, a network that remains globally connected, but increasingly on the state’s terms. Critically, this “sovereign” architecture does not function as a simple kill switch. Instead, it acts as a funnel: by keeping traffic flowing through state-controlled nodes rather than severing it, the authorities maintain a “searchable surveillance” state. This allows for active data-mining and real-time monitoring, ensuring the internet remains useful for state security even as it is restricted to the public. This flexibility gives Moscow something strategically valuable: a politically hardened and operationally resilient rear base.

For Europe, the implications are uncomfortable. The most exposed vulnerabilities are not just technical; they are systemic. Security debates that focus on infrastructure, mainly cables, servers, and grids, overlook a larger threat. These matter. But Russia is targeting something more fragile: trust-dependent systems that sustain open societies. Authentication frameworks, public communications, independent media, elections, diaspora networks, and academic and civil society platforms are not peripheral. On the contrary, they are the operating systems of democracy, and their openness is precisely what makes them exploitable. A critical front in this battle is identity provenance. Russia is increasingly weaponizing synthetic media (deepfakes and AI-generated audio) to erode the ability to verify who is on the other end of a line. This turns legacy trust in voice and video communications into a high-risk vulnerability, as officials can no longer be certain of the “provenance of their peers” digital identities.

This approach has deep roots. It echoes Soviet-era “active measures,” where the objective was not simply to penetrate systems, but to shape perception by amplifying divisions, distorting narratives, and eroding confidence from within. Digital tools have made these tactics faster, cheaper, and harder to attribute. Where liberal democracies see openness as resilience, Russia treats it as an opportunity. This is what distinguishes its model from China’s: China looks inward, prioritizing order; Russia looks outward, engineering disruption.

At its core, Russia’s strategy rests on three principles: sovereignty, survivability, and asymmetry. Sovereignty secures control over the domestic information space, while survivability ensures the system functions under pressure, whether they take the form of sanctions, conflict, or instability. Asymmetry allows outsized political effects at low cost.

The recent internet disruptions reflect all three. They show a state willing to trade efficiency for control, a network designed to operate under constraint, and a preference for flexibility over seamlessness. For Russia, these are rational choices. For Europe, they are warnings.

European cyber policy remains focused on high-impact scenarios, like catastrophic attacks, systemic outages, and large-scale cyberwarfare. But Russia’s comparative advantage lies below that threshold. Through disinformation, influence operations, social engineering, and selective intrusions, it degrades rather than destroys; it distorts rather than silences; it weakens trust rather than dismantles systems outright. These operations often begin not with code, but with credibility, more specifically, impersonation, behavioral manipulation, and trust exploitation. Once trust is compromised, effects cascade through systems designed to operate with minimal friction. Europe’s posture does not fully account for this. It protects infrastructure but underinvests in the trust frameworks that give that infrastructure meaning. x

Meanwhile, Russia is recalibrating its own dependencies. Full technological independence remains out of reach, but reliance on Western systems is being reduced while ties to alternative ecosystems, especially China’s, are deepening. Domestically, restrictions on foreign platforms have driven widespread virtual private network (VPN) use, even as the state moves to monitor and constrain those workarounds. The result is a hybrid model: partial autonomy, managed dependence.

This is part of a broader trend. The global internet is fragmenting across norms, supply chains, and governance models. Russia is actively shaping that shift, including at the level of international institutions, such as the United Nations’ International Telecommunication Union (ITU) and the Security Council. Language is a battleground. Where the West speaks of “cybersecurity,” Russia promotes “information security.” The difference is strategic. In Moscow’s framing, threats include not only technical attacks but also narratives, political content, and uncontrolled information flows. The response is to securitize information itself, justifying domestic control while advancing international norms that challenge the open, rights-based model of the internet.

The Moscow outages and the impersonation of a European official are not separate phenomena. They are expressions of the same system, one targeting infrastructure and the other targeting trust. Together, they reveal a model that is not withdrawing from the global internet, but attempting to reshape it, using connectivity as both shield and weapon. To this end, Russia’s advantage is not technological superiority, but strategic clarity. It has identified a core vulnerability in open societies: their reliance on trust, transparency, and low-friction participation, and has built a system to exploit it.

Europe, by contrast, remains caught between preserving openness and defending against its misuse. The risk is not just underestimating Russia, but misdiagnosing the threat.  The central question is no longer how to defend networks, but how to navigate the paradox of openness. This paradox—a historical staple of Russian interference now updated with a digital layer—dictates that the very transparency and low friction that make a society democratic also make it uniquely vulnerable to subversion. While openness remains a fundamental strength, Europe must recognize it is now a contested battlespace where the primary objective is the preservation of systemic trust.

Konstantinos Komaitis, “The real target of Russia’s internet strategy isn’t infrastructure—it’s trust” Digital Forensic Research Lab (DFRLab), May 1, 2026, https://dfrlab.org/2026/04/30/the-real-target-of-russias-internet-strategy-isnt-infrastructureits-trust/.