
PowerShell for Hackers: How to Crash and Burn Windows with Powershell

4 September 2025 at 09:42

Welcome back cyberwarriors!

In this part of the series, we are looking at how PowerShell can be used to cause large-scale disruption, from slowing systems to completely knocking them offline. These techniques range from simple resource exhaustion attacks that overload CPU and memory, to disabling hardware interfaces, wiping license keys, and finally forcing systems into a blue screen or rendering them unbootable.

It must be stressed from the outset that these techniques are highly destructive. They are not tools for casual experimentation. Some of them have been in use during cyber war operations to defend Ukraine against Russia. If misused in the wrong context, however, the results can be catastrophic and irreversible.

We will begin with the basics and gradually move toward the most dangerous techniques.

Overloading RAM

Repo

https://github.com/soupbone89/Scripts/tree/main/Load%20RAM

This script works by aggressively consuming system memory. It repeatedly allocates large arrays until nearly all available RAM is exhausted, leaving only a small buffer so the operating system does not immediately collapse. The machine slows to a crawl, applications stop responding, and the system becomes unusable.

In practice, this type of attack can serve multiple purposes. It can be used as a denial-of-service tactic to lock down a workstation or server, or it can act as a distraction, forcing administrators to focus on degraded performance while other activity takes place unnoticed in the background.

Execution is straightforward:

PS > .\loadram.ps1

Before execution the system may appear stable, but once the script runs memory consumption spikes and responsiveness slows significantly.

[Screenshots: RAM usage before loadram.ps1 runs, and after]

Overloading CPU

Repo:

https://github.com/soupbone89/Scripts/tree/main/Load%20CPU

This script applies the same principle to processor cores. It launches high-priority mathematical operations across every CPU thread, pinning usage at 100% until the script is terminated. Just as with RAM exhaustion, this method can disrupt normal operations or serve as a cover while other malicious tasks are executed.

Run the script like so:

PS > .\loadcpu.ps1

[Screenshot: every core pinned at 100% while loadcpu.ps1 runs]

The machine becomes sluggish to unresponsive, fans spin up, and users quickly realize something is wrong. Because the load is spread across every core rather than concentrated in one process, a glance at Task Manager's CPU column is usually enough to find the culprit, which is also why this technique is better suited to a short, noisy disruption than to a quiet one.
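As an added example for the RAM and CPU sections above (this is not code from the Hackers-Arise post or the soupbone89 repository), here is a defender-side sampler that flags processes behaving like loadram.ps1 or loadcpu.ps1: a working set near the RAM ceiling, or CPU time accruing at close to the machine's full capacity. The thresholds and the sample window are assumptions and should be tuned per host.

```powershell
# Added example (not from the original post or repository): flag memory- and CPU-exhausting processes.
# Thresholds and sample window are assumptions for illustration.
param(
    [int]$SampleSeconds  = 5,
    [int]$WorkingSetMB   = 2048,
    [double]$CpuPercent  = 80
)

$cores = [Environment]::ProcessorCount

# System-wide view first; Win32_OperatingSystem reports memory in kilobytes
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$freeMB  = [math]::Round($os.FreePhysicalMemory / 1KB)
$totalMB = [math]::Round($os.TotalVisibleMemorySize / 1KB)
Write-Host ("Free physical memory: {0} MB of {1} MB" -f $freeMB, $totalMB)

# Snapshot 1: CPU time consumed so far, per PID
$before = @{}
foreach ($p in Get-Process) {
    try { $before[$p.Id] = $p.TotalProcessorTime } catch { }   # access denied or already exited
}
Start-Sleep -Seconds $SampleSeconds

# Snapshot 2: compare, and normalise CPU to a machine-wide percentage
$findings = foreach ($p in Get-Process) {
    if (-not $before.ContainsKey($p.Id)) { continue }
    try { $cpuSeconds = ($p.TotalProcessorTime - $before[$p.Id]).TotalSeconds } catch { continue }
    $cpuPct = [math]::Round(100 * $cpuSeconds / ($SampleSeconds * $cores), 1)
    $wsMB   = [math]::Round($p.WorkingSet64 / 1MB)
    if ($cpuPct -lt $CpuPercent -and $wsMB -lt $WorkingSetMB) { continue }

    # The command line shows whether a PowerShell host is running a script, and which one
    $cmd = (Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.Id)").CommandLine
    [pscustomobject]@{
        PID          = $p.Id
        Name         = $p.ProcessName
        CpuPercent   = $cpuPct
        WorkingSetMB = $wsMB
        CommandLine  = $cmd
    }
}

$findings | Sort-Object CpuPercent, WorkingSetMB -Descending | Format-Table -AutoSize -Wrap
```

Run it while one of the load scripts is active and the PowerShell host running the script tops the table, with its command line pointing at the .ps1 that was launched. The CPU figure is normalised to the whole machine, so a script that pins every core reports close to 100% regardless of the core count.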

Windows License Killer

Repo:

https://github.com/soupbone89/Scripts/tree/main/Windows%20License%20Killer

This script takes a more subtle but equally damaging approach. It removes the installed Windows product key and clears the OEM, retail and volume-license entries held in the registry. Once executed, the system is stripped of its activation data. After the Software Protection Service (sppsvc) is restarted, Windows reports itself as unlicensed and may fail to re-validate against Microsoft's activation servers.

Execution:

PS > .\license.ps1

You can attempt to check the OEM product key afterward with the query below (the `*` was lost in the original rendering; `Get-CimInstance -ClassName SoftwareLicensingService` is the supported replacement for the deprecated `Get-WmiObject`):

PS > (Get-WmiObject -Query 'select * from SoftwareLicensingService').OA3xOriginalProductKey

[Screenshot: product key query after license.ps1 has run]

An empty result means no OEM key is exposed through this property. Be careful what you conclude from it, though: OA3xOriginalProductKey is read from the firmware's ACPI MSDM table (OEM Activation 3.0), not from the registry, so on an OEM machine it returns the factory key even after the registry entries have been wiped, and on a retail or volume-licensed machine it is empty to begin with. The activation state Windows actually enforces lives in SoftwareLicensingProduct.LicenseStatus, which is what slmgr /dli and slmgr /xpr report.
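As an added example (not part of the original post or the "Windows License Killer" repository), the following function reports the activation state the way Windows itself tracks it, alongside the firmware key, so that a wiped registry and an intact OEM key are not confused with each other. The Windows application ID used in the filter is the one slmgr.vbs uses; the status names are the documented LicenseStatus values.

```powershell
# Added example (not from the original post or repository): show real activation state, not just the firmware key.
function Get-ActivationState {
    # Documented SoftwareLicensingProduct.LicenseStatus values
    $status = @{ 0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOBGrace'; 3 = 'OOTGrace'
                 4 = 'NonGenuineGrace'; 5 = 'Notification'; 6 = 'ExtendedGrace' }

    # Only Windows product entries that carry an installed (partial) key are relevant;
    # after a key removal this query returns nothing at all
    $products = Get-CimInstance -ClassName SoftwareLicensingProduct `
        -Filter "ApplicationID = '55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL"

    # Read from the ACPI MSDM table, so it survives any registry wipe (and is empty on non-OEM machines)
    $firmwareKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey

    [pscustomobject]@{
        FirmwareKeyPresent = -not [string]::IsNullOrEmpty($firmwareKey)
        InstalledKeyCount  = @($products).Count
        Products           = @($products | ForEach-Object {
            [pscustomobject]@{
                Name         = $_.Name
                PartialKey   = $_.PartialProductKey
                Status       = $status[[int]$_.LicenseStatus]
                GraceMinutes = $_.GracePeriodRemaining
            }
        })
    }
}

Get-ActivationState | Format-List
```

On a healthy machine InstalledKeyCount is 1 and the product shows Licensed; after license.ps1 has run and sppsvc has restarted, InstalledKeyCount drops to 0 while FirmwareKeyPresent is unchanged, which is exactly the combination the OA3xOriginalProductKey check alone cannot distinguish.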

USB and Network Killer

Repo:

https://github.com/soupbone89/Scripts/tree/main/USB%20and%20Network%20Killer

This script disables both the network adapters and the USB host controllers, cutting a machine off from connectivity and removable storage entirely. Disabling a USB host controller also disables everything attached to it, including a USB keyboard and mouse, so on most modern desktops the local console goes dark along with the network. Once triggered, there is no way to transfer files, connect to the network, or plug in a recovery device without significant manual intervention, typically booting from recovery media to re-enable the hardware.

Administrators might use the network half of this in a crisis to instantly isolate a machine during incident response, but in the wrong hands it is a sabotage tool that leaves the user effectively locked out.

Run it as follows:

PS > .\killer.ps1

[Screenshot: USB host controllers and network adapters being disabled by killer.ps1]
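For the incident-response use the section mentions, here is an added example (not the original killer.ps1) that isolates the host at the network layer only, records what it changed, and can undo it. It leaves the USB host controllers alone so the local console keeps working, and it must be run elevated from that console, since it will sever any remote session. The state-file path is an assumption.

```powershell
# Added example (not the original script): reversible network isolation for incident response.
# Run elevated, from the local console. State-file location is an assumption.
param(
    [ValidateSet('Isolate', 'Restore')][string]$Action = 'Isolate',
    [string]$StateFile = "$env:ProgramData\isolation-state.json"
)

switch ($Action) {
    'Isolate' {
        # Record only adapters that are currently up, so Restore never enables one that
        # was deliberately off before the incident
        $up = @(Get-NetAdapter | Where-Object Status -eq 'Up')
        $up | Select-Object Name, InterfaceDescription, MacAddress |
            ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8

        # Network only. The USB host controllers (Get-PnpDevice -Class USB) are deliberately
        # not touched, so keyboard and mouse survive. Add -WhatIf to rehearse.
        $up | Disable-NetAdapter -Confirm:$false
        Write-Host "Disabled $($up.Count) adapter(s); prior state saved to $StateFile"
    }
    'Restore' {
        if (-not (Test-Path $StateFile)) { throw "No isolation state file at $StateFile" }
        $saved = @(Get-Content -Path $StateFile -Raw | ConvertFrom-Json)
        foreach ($adapter in $saved) {
            Enable-NetAdapter -Name $adapter.Name -Confirm:$false
        }
        Remove-Item -Path $StateFile
        Write-Host "Re-enabled $($saved.Count) adapter(s)"
    }
}
```

Run with `-Action Isolate` to cut the host off and `-Action Restore` to bring back exactly the adapters that were up before. Keeping the prior state on disk is what separates a containment step from the sabotage script: the same Disable-NetAdapter call is made, but the operator can reverse it without guessing.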

Mayhem by PowerSploit

Repo:

https://github.com/PowerShellMafia/PowerSploit/tree/master/Mayhem

The PowerSploit framework includes a dedicated module called Mayhem, containing two of the most destructive PowerShell functions available: Set-CriticalProcess and Set-MasterBootRecord. Both go far beyond simple resource exhaustion, directly attacking the stability of the operating system itself.

Set-CriticalProcess

Windows marks certain processes, such as smss.exe and csrss.exe, as critical: if one of them terminates, the kernel bugchecks, producing the familiar CRITICAL_PROCESS_DIED blue screen. Set-CriticalProcess sets the same flag (ProcessBreakOnTermination, through NtSetInformationProcess) on the PowerShell process that runs it, which requires administrator rights. Once the flag is set, exiting or killing that PowerShell process immediately forces a system crash.

The crash itself does no permanent damage to the installation. Unsaved work in other applications is lost and a memory dump may be written, but after reboot Windows resumes normal operation. This makes it useful as a temporary denial tactic that forces downtime without wiping the machine.

To use it, first copy the Mayhem folder from the repository into a module path, so that Mayhem.psd1 ends up in a directory named Mayhem under:

C:\Program Files\WindowsPowerShell\Modules\

PowerShell autoloads the module from there; if it does not, run Import-Module Mayhem first.

[Screenshot: the Mayhem module installed from the PowerSploit repository]

Then run:

PS > Set-CriticalProcess

[Screenshot: Set-CriticalProcess prompting for confirmation before marking the process critical]

Confirm with Y. The machine blue screens the moment the PowerShell process exits; pass -ExitImmediately to make that happen at once, or -Force to skip the prompt.

Set-MasterBootRecord

This is the most destructive of all. Unlike Set-CriticalProcess, which only disrupts a running session, this attack corrupts the Master Boot Record (MBR), the first sector of the disk. The MBR contains the legacy boot code and the partition table, and without it a BIOS-booted Windows installation cannot load. Note the qualifier: UEFI firmware boots from the GPT and the EFI System Partition and never executes the MBR's boot code, so on a UEFI machine the same overwrite still clobbers the sector but does not by itself stop Windows from starting.

Once overwritten, the system may only display a custom message, refusing to boot into the OS. This tactic mirrors the behavior of destructive malware and ransomware wipers, leaving the target machine completely unusable until the bootloader is repaired or reinstalled.

Example execution:

PS > Set-MasterBootRecord -BootMessage 'Pwned by Cyber Cossacks!'

[Screenshot: Set-MasterBootRecord overwriting the MBR and setting a custom boot message]

To automate a reboot and ensure the payload takes effect immediately:

PS > Set-MasterBootRecord -BootMessage 'Pwned by Cyber Cossacks!' -Force -RebootImmediately

After reboot, a legacy-BIOS system will no longer load Windows; the firmware executes the replacement boot code, which only prints the supplied message.
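As an added example (not PowerSploit code), the function below reads sector 0 of a disk and reports whether it still looks like an intact MBR, together with the firmware type, so you can tell both whether the sector has been tampered with and whether a tampered sector would even be executed on this host. It must run elevated; disk 0 is an assumption.

```powershell
# Added example (not from PowerSploit): inspect the MBR for tampering and check the boot path in use.
# Requires administrator rights. Disk number is an assumption.
function Test-BootSector {
    param([int]$DiskNumber = 0)

    $fs = New-Object System.IO.FileStream("\\.\PhysicalDrive$DiskNumber", [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $mbr = New-Object byte[] 512
        $null = $fs.Read($mbr, 0, 512)
    } finally {
        $fs.Dispose()
    }

    # Bytes 510-511 must be 0x55 0xAA or the BIOS will not execute the boot code at offset 0
    $signatureOk = ($mbr[510] -eq 0x55 -and $mbr[511] -eq 0xAA)
    # Partition type 0xEE in the first table entry (offset 446 + 4) marks a GPT protective MBR
    $gptProtective = ($mbr[450] -eq 0xEE)
    # Boot code occupies bytes 0-445; all zeros means it was wiped (or never written)
    $codeZeroed = -not ($mbr[0..445] | Where-Object { $_ -ne 0 })
    # Printable text in the boot code region is where a wiper's custom message shows up
    $codeText = -join ($mbr[0..445] | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } })
    $sha256 = [System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash($mbr)).Replace('-', '')

    [pscustomobject]@{
        Disk             = $DiskNumber
        FirmwareType     = $env:firmware_type     # 'UEFI' or 'Legacy' (Windows 8 and later)
        BootSignatureOk  = $signatureOk
        GptProtectiveMbr = $gptProtective
        BootCodeZeroed   = $codeZeroed
        BootCodeText     = $codeText
        Sha256           = $sha256                # compare with a baseline taken while the host was known-good
    }
}

Test-BootSector | Format-List
```

Record the Sha256 of each disk's first sector while the machine is known-good; a later mismatch, or a BootCodeText that reads as a taunt instead of the usual "Invalid partition table" strings, is the tell. FirmwareType is the other half of the picture: only a Legacy host will actually refuse to boot after Set-MasterBootRecord, while a UEFI host with a damaged protective MBR keeps booting and deserves repair before the next disk-management tool trips over it.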

Summary

The techniques described in this article show just how far PowerShell can be pushed when used as a weapon. What begins with simple disruption through RAM and CPU exhaustion quickly escalates into far more destructive actions such as disabling hardware, wiping licensing data, and crashing or even bricking systems by targeting their most fundamental components. In a cyber war context, these capabilities are significant because they move beyond espionage or lateral movement and directly affect the ability of an adversary to operate. The destructive potential cannot be overstated: once unleashed, these techniques can ripple across organizations, producing effects that are not easily reversed. That is why understanding them is important not only for those who might employ them, but also for defenders who need to recognize the damage they can cause and prepare accordingly.

The post PowerShell for Hackers: How to Crash and Burn Windows with Powershell first appeared on Hackers Arise.

Expert Q&A: Undersea Cables Under Attack, from Outside and Within

15 August 2025 at 09:39

EXPERT Q&A: Reports of damage to undersea cables across the world are on the rise, with suspected foul play in many of these incidents. These cables are crucial conduits for communications, financial transactions, Internet traffic and even intelligence, making them prime targets of gray zone tactics, from suspected Russian sabotage of Baltic Sea cables to alleged Chinese severing of cables in the Taiwan Strait. The Federal Communications Commission voted last Thursday to update U.S. rules on subsea cable development, aiming to streamline construction and better protect this critical undersea infrastructure.

The Cipher Brief spoke with Rear Admiral (Ret.) Mike Studeman, who served as Commander of the Office of Naval Intelligence, about what he says is an ongoing assault on undersea cables — including “outside-in” attacks like sabotage and “inside-out” attacks from embedded exploits — and how the U.S. and its allies can better defend the cables they rely on. Our conversation has been edited for length and clarity.

The Cipher Brief: What is the perceived danger that we're talking about here that the Congress is perhaps seeking to address?

RADM Studeman: It's very clear that the adversaries of the United States, the Chinas and the Russias of the world, are very keen on trying to get leverage in various ways against the United States and the West through critical infrastructure. The subsea cables are just one element of critical infrastructure.

But frankly, the statistics would blow people's minds. Ninety-nine percent of our Internet traffic goes through the undersea environment. When you think about the capacity of those cables, it's terabytes of information versus gigabytes of information through satellites. So essentially, when you go through satellites, it's like drinking a glass of water in terms of the amount of data throughput you get. But undersea cables, it's like trying to drink a large swimming pool worth of data. So we're highly dependent on those. $22 trillion of financial transactions are processed through undersea cables every day. We also have our defense, our national security, our intelligence riding those cables like everybody else with their streaming videos and emails and all the rest. So the threat there is significant, just like it would be on land-based sites with people trying to get into your communications, manipulate them, outright disrupt them through severing and cutting.

The Cipher Brief: The implication of the request made by the House would appear that this is less of a concern about the severing and cutting of cables, but more that Chinese companies, particularly the maintenance and repair companies, may be getting access to these cables, and then doing what? Is it tapping? What are we talking about here?

RADM Studeman: There's the outside-in and then the inside-out threats and it's worth bifurcating it in the beginning. So if you're talking about the six sea cables that were more than likely purposely cut by Russia and China since November 2024 in the Baltics and the Taiwan Strait, it shows you what can happen. Now there are natural ways cables get cut; 150 to 200 times each year cables are damaged by underwater volcanoes, dredging, fishing vessels accidentally dragging their anchors. But these are more purposeful nation state threats that we're seeing that are emerging. So there's no doubt about the outside-in, which means we've got to track suspicious vessels.

But the inside out threat is just as significant and we need to be mindful of it. There's a lot of different equipment that can be at the terminal landing sites in between the subsea segments from optical repeaters to other junction points on sea cables that could potentially have malware in them that could perform a variety of functions when directed. So part of it is about espionage and the ability to shunt information into a place where Chinese and Russian intelligence can go through it, even if it's encrypted. They're hoping that later on with decryption capabilities they are working on that they could end up having all this data that they can back cast and decrypt to learn all sorts of secrets. So there's the shunting and the access to data. And there's also the ability to potentially exploit and disrupt from the inside with whatever functionality exists anywhere along the full length of those cables.


The Cipher Brief: How easy is it to say, we're not going to use those repair companies because they're associated with China, and we're just going to pivot and do it ourselves or figure out some other way? Is that something that can be changed on a dime? How hard is that?

RADM Studeman: We'll have to ask Microsoft, Google, Meta, and some other companies that question because the extent to which they're dependent and whether or not they have alternate ways of providing those services is really known better to them. But the report that got this going in the first place was that Microsoft was using Chinese companies to be involved in some of the maintenance work here.

I think we're doing the right thing. I think that there are alternate companies that can in fact provide these services and we need to get really wise about this and then hold the companies accountable to the national security requirements, which are legitimate, that we need them to be cooperative in to be safer and frankly more resilient because our adversaries wouldn't hesitate to use some of these exploitation techniques in the future. We can't be naive about this.

The Cipher Brief: Is there any evidence to your knowledge that this is more than a concern at the moment? In other words, any evidence that China has gotten into that big data fire hose that comes into this country or anywhere else for nefarious purposes?

RADM Studeman: I think it's 100% safe to say that the Chinese have been grabbing big data from all forms of communication that traverse the earth, including a substantial amount of U.S. and allied data that they have sitting there, which has been examined by their intelligence services, and could in the future, if encryption is broken, depending on what level it is, potentially also be something that they can analyze and go through. This is not some kind of theoretical threat. This is trying to stop something that's underway.

The Cipher Brief: And other than getting American or non-Chinese entities to do that work at the bottom of the ocean floor on the maintenance and repair side, is there anything else that you think ought to be done to address the threat?

RADM Studeman: I do think that when it comes to the manufacture of some of these cables that they're going, and discussions already exist about this, to put sensors of various types on there. There are normal anomalies and then other anomalies that could indicate that somebody's up to no good. There's signal distortions, there could be latency delays, there could be some anomalies after work is done in a certain segment of your cables. All those things deserve to have more sensors and therefore more analysis and more awareness because then you will know how to act appropriately to nip something in the bud, ideally, or to stop it soon after you detect it. But many cables are essentially dumb cables; they don't have enough of that sensing capability. So the newer ones should incorporate that technology that exists today. It's not hard, although it drives up the expense a little bit.

When it comes to the inside-out too, I do think that there are probably some software types and analytics that you could run against the data that the sensors provide. There's a different kind of tailored, maybe agentic AI which could be focused in this area too, to make sure you're not chasing your tail with false alarms. Trying to distinguish something that's truly, legitimately a concern versus something environmental or endemic to the running of the cable system altogether.

And then of course, you've already talked about steps to take with regard to identifying suspicious vessels that may be operating over these cables that may be up to no good. How do you deter that or how do you respond to that?

I also think that in terms of some of the resiliency efforts, we're going to need to have more essentially underwater flyers, underwater drones. If you think about the Chinese and the Russian deep sea programs that have intent to go after cables, you need to examine them to make sure there's not a box that's been laid on top of them. Having some regular patrols, the Baltic states are currently doing that at the sort of air and surface level. And they're thinking about the desire for the undersea. We need to have more essentially drone flyers that are cheap, that can fly over the most critical cables out there. That to me is also where the future is going with all of these dangers that exist.

Opinions expressed are those of the interviewee and do not represent the views or opinions of The Cipher Brief.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Here’s How Russia’s Covert War Could Undermine its Own Goals

14 August 2025 at 16:06


EXPERT PERSPECTIVE / OPINION — The July 2025 sanctioning and indictment by the United Kingdom of three units and 18 individuals affiliated with the Main Directorate of the General Staff of the Russian Armed Forces - the GRU - highlighted clandestine sabotage and cyber operations by that service against communications lines and the Western transport and supply infrastructure critical to Ukraine’s war effort. “GRU spies,” British Foreign Secretary David Lammy said, “are running a campaign to destabilize Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens.”

In fact, GRU sabotage operations against targets in non-belligerent nations pre-date the current conflict and reflect Moscow’s use of sabotage as a tool of statecraft in both war and peace dating back to the Soviet era. During the Cold War, Soviet and Warsaw Pact planners, led by the KGB and GRU, created detailed lists of Western targets: bridges, power plants, rail hubs, fuel depots, pipelines, and communication lines. These operations emphasized covert acts made to look like accidents, aiming to demoralize adversaries and create political discord within the Western alliance. To facilitate such operations, the GRU placed highly trained deep-cover “illegals” in target countries.

Fortunately, such plans were never fully actualized during the Cold War. In the post-Cold War era, we have not been so lucky. One GRU entity sanctioned by the UK - Unit 29155 - is assessed as having been responsible for the 2014 destruction of a shipment of Czech-origin 152mm artillery shells en route to Georgia and attacks that same year on a Czech ammunition depot. Officers of the same unit poisoned Russian defector Sergei Skripal in the UK in 2018.

The current Russian sabotage campaign is, however, being waged on a far larger, and potentially much more dangerous, scale than any previously seen Russian effort. Since Moscow’s 2022 invasion of Ukraine, the GRU has engaged in extensive sabotage designed to disrupt the flow of Western aid to Ukraine, to demoralize that country, and to pressure its allies to reduce their support for Kiev. With a focus on entities supplying the Ukrainian military, these operations have targeted air, rail, maritime, and logistics supply chains, as well as energy infrastructure and undersea cables.

Most alarmingly, in 2024 Western intelligence detected a GRU-backed scheme to place incendiaries in air cargo packages destined for the UK, Poland, and potentially North America. In one incident, a magnesium-based device caused a fire on a plane in Leipzig, Germany. This was a method evolved from Cold War sabotage tradecraft. Other incendiary parcels were intercepted or ignited in warehouses in Poland and the UK. The Poles arrested four persons tied to this operation, which is believed to have been the work of the GRU.

Thankfully, plans to down or destroy civilian aircraft have thus far failed. But such plots—and their exposure—are indicative of Moscow’s willingness to accept considerable operational and political risk in targeting logistics and supply networks delivering Western support to Ukraine. For Russian President Vladimir Putin, this is an existential war. The Russian leader appears prepared to do whatever he believes necessary to hammer out something he can call victory. At minimum, this means establishing Russian control over the Ukrainian districts - Donetsk, Luhansk, Kherson, and Zaporizhzhia—annexed by Moscow in 2022.

The friction surrounding any intelligence operation can lead to its failure no matter how well planned. But that peril is compounded when the intelligence service concerned has a well-deserved reputation for mounting operations both conceptually imprudent and flawed in their implementation. Soviet and Russian espionage history is rife with GRU operations that failed due to the sloppy tradecraft employed, a reality attested to in extensive open source reporting on that service’s supposedly secret operations by Bellingcat and others.

There can be no doubt that Putin, as a former KGB officer and Director of the Russian FSB, is aware of the GRU’s checkered operational history. The fact that he, nonetheless, sanctioned that service’s sabotage campaign speaks to the importance the Russian leader ascribes to impeding Western military assistance to Ukraine. At the same time, Putin surely also understands that his sabotage campaign might undermine his policy goals. Ongoing GRU sabotage operations, particularly if they result in a high-profile attack, can rebound against Russia’s goal of undermining Western backing for Kiev. A historical example of a sabotage campaign undertaken against non-belligerent targets by a military intelligence service with less than stellar operational acumen is instructive in this regard.


Early on July 30, 1916, one of the largest non-nuclear explosions in history rocked Black Tom Island, located in what is now Liberty State Park in Jersey City, New Jersey. A freight terminal and munitions depot storing approximately 2 million pounds of ammunition and explosives awaiting shipment to World War I’s Allied powers (primarily Russia and Britain) blew up with a force that measured between 5.0 and 5.5 on the Richter scale. Guards had noticed fires breaking out on the pier shortly after midnight. Despite efforts to raise the alarm and call firefighters, the blaze eventually reached massive stores of explosives, triggering the first and largest explosion. Additional blasts followed as the blaze spread through adjacent railcars and barges. Debris and shrapnel rained down across the region, injuring hundreds and sending residents fleeing their homes. Windows up to 25 miles away were broken and the Statue of Liberty was damaged, her torch closed to visitors thereafter. The catastrophe caused over $20 million in property damage (equivalent to over $580 million today). At least three adults and one child are known to have been killed, but some estimates put the toll much higher.

American investigators initially thought the disaster resulted from carelessness. There were, however, suspicions from the outset that it resulted from an act of sabotage perpetrated by German Military Intelligence. The only surprise was how long it took the U.S. to attribute responsibility to the Kaiser’s men given the many operational errors they made while carrying out a sabotage campaign against targets in what was then a non-belligerent U.S.

From the outset of World War I, the Germans were confronted with a conundrum as they sought to keep Washington neutral while at same time closing off the flow of food and war materiel from the U.S. to the Allied Powers. The strategy Berlin adopted – to rely on diplomacy to deal with the former challenge and on sabotage to achieve the latter objective – was mutually contradictory unless those sabotage operations were executed with perfect deniability. Unfortunately for the Kaiser, perfection is unachievable in clandestine operations.

Shortly after the 1914 assassination of the Austrian Archduke Franz Ferdinand, Berlin named the German Ambassador in Washington, Johann Count von Bernstoff, as Germany’s espionage and sabotage chief for the Western Hemisphere. This was not a wise choice. Not only was the Ambassador ill-suited to the task, his involvement in intelligence operations, coupled with Germany’s initiation of unrestricted submarine warfare the following year, hamstrung Bernstoff’s ability to fulfill his diplomatic function as he was thrust into the center of a diplomatic firestorm that grew in intensity and culminated in America’s declaration of war against Germany in 1917. Those chosen to assist the Ambassador likewise proved unsuited to the task.

Military attaché Captain Franz von Papen - who, as Germany’s Chancellor in the early 1930’s, would play a key role in dissolving the Weimar Republic and paving the way for Adolf Hitler’s appointment as Chancellor - and Naval attaché Captain Karl Boy-Ed operated brazenly out of a commercial office in New York. They set up a proprietary company which ostensibly did business with the intent of providing munitions to the Allied Powers. Their intent, in fact, was exactly the opposite.

Like the GRU, which has blended sabotage operations with cyberattacks on telecommunication and transportation networks in an apparent attempt to disrupt supply lines and undermine public support for Ukraine, German military intelligence disseminated propaganda to counter information unfavorable to their country. Operatives also manufactured counterfeit U.S. passports for ethnic Germans returning to the Fatherland to fight. Papen and Boy-Ed, however, concentrated most of their attention on directly impeding shipments of munitions and food from America to the Allied Powers.

To that end, the Germans sought to recruit agents to assist with sabotage and subversion operations. Americans of German heritage and Irish-Americans, with their innate disdain for Britain, were particularly susceptible to their approaches. Similarly, as the recent Polish arrest of a Colombian national suspected of involvement in two arson attacks on warehouses in that country attests, the GRU has used third country nationals as well as local recruits in their sabotage operations.

Much like the GRU operatives behind the current sabotage campaign, the inexperience of Papen and his colleagues, as well as the bad tradecraft they employed, were evident from the outset. Their involvement in a plot to dynamite the Welland Canal linking Lakes Erie and Ontario - through which raw material needed to produce American munitions transited - was detected by the New York City Bomb Squad. This was not surprising in that they, among other things, had used material linked to a German firm in constructing the explosive device to be used; used the so-called German Club in New York – an establishment that doubled as a bordello - as a safe house (employing a site of criminality for espionage purposes being an operational faux pas); and used the office of a German-run commercial investigative agency for operational purposes (thus coming under suspicion for the wrong reasons).

The financier for German operations in the U.S., Dr. Heinrich Friedrich Albert, committed the cardinal sins of leading surveillance to a meeting with an agent and then leaving a briefcase filled with telegrams from Berlin, communications from German agents and financial records on a New York tram. Some of the material in the briefcase, which was picked up by an alert surveillant, was passed by the White House to The New York Sun. That paper’s publication of it led to the 1915 recalls of Papen; his colleague, Boy-Ed, and Albert to Germany.

As intended, this press reporting also lent support to President Woodrow Wilson’s previously voiced suspicion that he was “sure the country is honey-combed with German intrigue and infested with German spies.” Although Wilson sought to modestly augment the capabilities of the two agencies then charged with monitoring German spies and agents in the U.S. - the U.S. Secret Service and the predecessor to the modern FBI, the Bureau of Investigation – their capacity to do so remained woefully inadequate. Unfortunately, as has been the case with the current GRU campaign, diplomatic responses and legal sanctions did not deter the Germans.


Boy-Ed’s successor, Captain Franz von Rintelen, arrived in the U.S. in April 1915 on a doctored Swiss passport. He would prove the driving force behind the sabotage campaign, injecting energy - if not operational acumen - into it. Leading a network of intelligence officers infiltrated into the U.S., Rintelen sought to foment strikes, firebomb shipping, instigate embargoes against the Allied Powers, distribute pacifist propaganda, foment revolution in Mexico, and purchase munitions for the German government. His most important mission, however, was to impede or, if necessary, sabotage shipments of arms and munitions from America to the Allied Powers. Rintelen was clear about his intent, saying: “Munitions are my job - what I can't buy I'll blow up, kaput schlagen!"

He immediately set to work, directing a string of attacks against arms shipments to the Allied powers. Employing a tactic echoed by the GRU, his agents placed cigar-shaped incendiary devices in the holds of ships carrying weapons and munitions. The ensuing investigations led to several of the saboteurs being identified. Soon, operational friction had begun to catch up with Rintelen himself. His involvement in a wide array of operations meant that the exposure of any one of them could lead to the compromise of all the others. That this would occur was made certain by a string of operational errors.

Those mistakes included Rintelen’s personal interaction with German officials and a German bank even though he was ostensibly working undercover in the same job his compromised predecessor had used; using those banks to move operational funds; exercising minimal operational control over his agents who were subjected to minimal vetting; and using potentially hostile intermediaries - the Russians - to facilitate the diversion of arms being shipped to their country, and then bilking them out of money they paid for the shipment; and conveying covert messages over open communications.

Finally, and sensationally, Rintelen got scammed by the original “Wolf of Wall Street,” David Lamar. The German passed Lamar ca. $350,000 to fund a plan to foment strikes in munitions factories and shipping agencies; to hinder the manufacture and shipping of munitions by attacks on financial institutions and by litigation against pro-Allied businesses; to promote a U.S. peace movement; and to enhance public support for Germany. Only later would Rintelen come to realize that Lamar had swindled him.

In August 1915, with investigators closing in, Rintelen fled the U.S. by ship but was arrested by British authorities during a port call in the UK. Extradited to the U.S. in 1917 after America entered the war, he was convicted on a string of charges to include firebombing a ship, perjury and conspiracy to obtain a U.S. passport. Rintelen spent the remainder of the war in prison.

Rintelen’s departure did not, however, end the sabotage campaign. In February 1916, an explosion initiated by the saboteurs destroyed a munitions plant in Bethlehem, Pennsylvania. This was followed by equally effective operations against an armaments factory in Bridgeport, Connecticut and a chemical plant in Cadillac, Michigan. After the successful attack on Black Tom, the saboteurs initiated a fire that destroyed a Canadian factory contracted by Russia to manufacture artillery shells. In February 1917, three Germans were arrested for attempting to (again) sabotage the Black Tom Island facility, which had been rebuilt. Because the April 1917 American entry into the war meant sabotage was no longer an option since the penalty was death to anyone caught in the act, the remaining German saboteurs fled the U.S.

U.S. efforts to seek post-war redress from Germany for the damage wrought by its sabotage campaign – and for Black Tom in particular – underscore the difficulty of holding a nation-state legally liable for its clandestine activities. The post-World War I German-American Mixed Claims Commission sought to assess Berlin’s responsibility and adjudicate indemnities for the consequences of the attack. Weimar Republic lawyers argued there was no evidence incontrovertibly linking German intelligence to it and the Commission ruled in their favor. In 1930, with more evidence of German culpability having come to light, the Black Tom case was re-opened. Once the Nazis came to power, however, the German representative to the Commission resigned when it looked like his country would be implicated in the case. Nonetheless, the Commission declared Germany guilty in 1939 and ordered Berlin to pay 50 million dollars. Unsurprisingly, the Nazi regime did not comply.

Although more evidence convincingly establishing German guilt and detailing the breadth of its pre-World War I sabotage campaign has emerged since, Germany was never held to account for Black Tom. One suspects that, absent the arrest of the GRU operatives involved in the current sabotage campaign should they, like Rintelen, be unwise enough to travel to the UK, it is also unlikely Russia will be held to account for its actions.

The recent GRU sabotage campaign seems to have slowed since reaching its peak in 2023-24, possibly due to better coordination among European security agencies and a conscious decision by the Kremlin to scale back operations in deference to discussions between Moscow and Washington about ending the war. With Putin apparently having resolved to continue his war against Ukraine, there is every possibility his security and intelligence services will renew sabotage operations in Europe.

But the UK’s public exposure of the GRU’s activities and U.S. warnings to Moscow that any attack causing an aircraft crash would be treated as terrorism and prompt a severe response are useful to the extent they cause Putin to rein in the aggressiveness of that service’s sabotage operations, thereby hopefully avoiding the repetition of a tragedy on the scale of Black Tom.


