Putin’s New Cyber Empire: How the Kremlin Is Embedding Russian Technology Around the World

In late April 2024, Nikolai Patrushev, the longtime head of Russia’s Security Council, chaired a meeting in St. Petersburg of top security officials from countries in Africa, Asia, Latin America, and the Middle East. The meeting was about information sovereignty and security—the Kremlin’s way of describing cybertechnologies that are designed to protect against Western surveillance, influence, and interference. But Patrushev also had a more specific message. Flanked by Sergei Naryshkin, the head of the Kremlin’s SVR Foreign Intelligence Service, Patrushev informed the audience that Russia’s top cybersecurity companies could help their governments gain control of their national information space.

At the time, the event was little noted in the United States or Europe. Just days earlier, the U.S. Congress had approved a long-delayed $60 billion aid package to Ukraine, and Europe was preparing its 14th round of sanctions against Russia. Yet governments in many other parts of the world were paying attention. Although the full list was not released, participants in the meeting included national security advisers, the heads of national security councils, and the heads of security and intelligence agencies from a wide variety of countries including Brazil, Sudan, Thailand, and Uganda; close Russian allies such as China and Iran; as well as the Arab League.

For many of these security officials, Patrushev’s pitch was welcome: Russia has long excelled at cybertechnologies, and they understood that its resources could be valuable to securing their national digital infrastructures. Some of them had witnessed the “Twitter revolutions” of the last two decades and tended to share Russian President Vladimir Putin’s view that such events—enabled by American-owned social media—reflected a U.S. tactic of fomenting mass protests that were often destabilizing. Moreover, many of their governments have maintained business relations with Moscow despite the war in Ukraine and are not particularly concerned about Russian influence in their countries.

As did its Soviet counterpart during the Cold War, Putin’s Kremlin views Africa, the Middle East, and parts of Asia and Latin America as primary battlefields of the global contest with the West. This campaign includes the expansion of Kremlin-affiliated military groups, such as the Wagner paramilitary company, in numerous African countries. It involves an expanded use of soft power, such as the opening of new “Russia Houses” in more than a dozen countries in Africa. These are cultural centers run by the foreign ministry that serve to promote the Kremlin’s narratives, including about its war in Ukraine; to work with Russian émigré communities in target countries; and to provide cover for Russian intelligence operatives—a time-honored practice for Russian cultural centers since the Cold War. The campaign also includes a push to expand Russian intelligence capabilities in regions caught between superpowers.

As the St. Petersburg meeting attests, the Kremlin sees Russia’s commercial cybertechnologies as an important part of this broader campaign and another way to further its interests around the world. According to past findings by European governments and the United States, several top Russian cybersecurity firms have links to the Kremlin’s military and security services. In April 2021, for example, the U.S. Treasury imposed sanctions on the Russian cybersecurity firm Positive Technologies for supporting “Russian government clients, including the FSB,” the Federal Security Service, and alleged that the company “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” Russia’s military intelligence unit.

And in June 2024, the United States put sanctions on Kaspersky Lab, another top Russian firm, for “cooperation with Russian military and intelligence authorities” that Treasury officials said is “contrary to U.S. national security.” Since 2022, the EU and some European countries have also taken steps to limit Russian cyber-companies’ access to their markets. Positive Technologies is under EU sanctions; in the case of Kaspersky Lab, several countries, including Germany, Italy, and Poland, have sought to ban or discourage the use of the company’s software. Both firms have dismissed the findings. In a public statement, Positive Technologies called the Treasury’s conclusions “groundless.” A Kaspersky spokesperson told Reuters that the U.S. decision was “unjustified and baseless.”

Despite this pressure from the West, Moscow is seeking to build on the 2024 security meeting and aggressively expand its cyber-influence around the world. With a series of new partnerships between Russian cyber-firms and foreign entities and governments, Russia has gained a growing technological foothold in Africa, Central Asia, and the Middle East. Although it remains unclear how Russia’s security services may be exploiting these deals, cybersecurity analysts say that such arrangements could give Moscow new ways to preempt Western intelligence activities.

In recent months, as the Trump administration has softened its stance on Russia and pulled back U.S. foreign and intelligence assets aimed at foreign cybersecurity threats, Moscow has pursued this expansion with relatively little scrutiny. Left unchecked, these new relationships could put Washington and its allies at a significant disadvantage in the developing world, even as they potentially give Russia more ways to conduct cyberwarfare against the United States and Europe.

CYBERINSECURITY

Russian cyber-companies emerged as global players a few years after the collapse of the Soviet Union. A strong technical education system across the country combined with the collapse of the military-industrial complex pushed hordes of talented engineers into the nascent cybersecurity market. They brought with them both expertise and determination. Some of them built successful international companies such as Kaspersky Lab, founded in 1997, which developed an array of highly advanced Internet security and cybersecurity tools and became known for exposing cybersecurity threats. In 2010, a team of Kaspersky researchers uncovered the Stuxnet virus, a highly sophisticated malware weapon that was used against Iran’s nuclear program and was jointly designed by Israel and the United States.

For nearly two decades, Russian cyber-companies were focused on building large markets for their products in Western countries, targeting both corporations and foreign government agencies. Some cyber-firms, such as Kaspersky Lab, which was incorporated in the United Kingdom, also established subsidiaries in the West. Following Russia’s annexation of Crimea in 2014 and Russian interference in the 2016 U.S. presidential election, however, growing Western pressure on Moscow and concerns about cyberwarfare by Russian intelligence made it much harder for these companies to do business in the United States and Europe.

In March 2017, U.S. intelligence officials—including the heads of the FBI and the CIA—said they didn’t feel comfortable having Kaspersky’s powerful antivirus software on their computers. Soon after, the Department of Homeland Security ordered all government agencies to remove Kaspersky software from their systems, citing unspecified “information security risks” presented by Kaspersky-branded products and noting that the company’s antivirus and other software “provide broad access to files” that could be exploited by malicious actors.

In October 2017, investigations by The Wall Street Journal and The New York Times reported that Russian hackers had stolen classified documents related to U.S. cyberdefenses from the National Security Agency, in part by using Kaspersky software on an NSA contractor’s computer. Kaspersky strongly denied any knowledge of or involvement in the use of its software to enable hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company told The New York Times.

In the years that followed, Russia’s cyber-companies began to focus more on markets outside the United States and Europe. The Russian government was keen to help. The turning point came with the April 2024 security meeting in St. Petersburg, where the Kremlin made a direct bid to offer Russian cybersecurity infrastructure—and specifically the services of seven top Russian cyber-companies—to dozens of security agencies around the world. The firms mentioned by Patrushev included Positive Technologies and its spinoff Cyberus Foundation, Kaspersky Lab, Angara Security, Kod Bezopasnosti, Security Vision, and Solar. By and large, these companies provide products that protect digital infrastructure against cyberattacks—whether from vigilante hackers or hostile foreign governments. Their products generally require deep access to the files and the systems they are protecting.

There are several strategic reasons behind the Kremlin’s push. In many cases, when a foreign government acquires cutting-edge surveillance and cybertechnologies from Russia, their local security and law enforcement agencies lack the expertise to operate them. As a result, they rely on the Russian suppliers not just for technical guidance but also for help integrating the technology into their domestic legal frameworks. That kind of relationship offers the Russian cyber-companies a rare level of access to systems and to local contacts within the client country.

Moreover, many of Russia’s leading cyber-companies were created by engineers and computer scientists from Russian elite technical universities, which were originally established to supply engineers for the Soviet military and intelligence agency, the KGB. Going back to the Soviet era, these schools have produced generations of engineers who are trained to work in secrecy. Eugene Kaspersky, the founder of Kaspersky Lab, studied at the KGB Higher School.

According to Western security officials, Putin has sought to rebuild this tight relationship between the intelligence services and the country’s top technology developers. In its sanctions against Kaspersky Lab, the U.S. Treasury did not include personal sanctions against Kaspersky himself. But it did sanction 12 other Russian nationals who are senior executives at the company. Kaspersky Lab denied that the executives have any links to Russia’s security services. “It would be weird (and flat-out wrong) to assume these executives were introduced into the company’s top management to give Russian spies leverage in Kaspersky Lab’s actions,” the company said in a 2018 statement.

The Russian government has also applied more overt pressure on its cybersecurity companies. In 2016, for example, several top Russian cyber officials—including a top manager at Kaspersky Lab—were thrown into Moscow’s Lefortovo prison by the FSB on charges of high treason. Kaspersky told the BBC that Kaspersky Lab had not been informed of the investigation and that the arrest of its employee had nothing to do with the employee’s work for the company. To cybersecurity experts, the Kremlin appeared to be sending a message to its commercial firms: loyalty to the government was no longer optional.

MOSCOW’S NEW MARKETS

Under the Biden administration, the United States became increasingly concerned about the links it found between Russia’s top cyber-companies and the Russian government. The U.S. Treasury put Positive Technologies and Kaspersky Lab on the U.S. sanctions list, and after Russia’s full-scale invasion of Ukraine in 2022, other Western countries followed suit. In 2023, Positive Technologies was sanctioned by the European Union. Meanwhile, the use of Kaspersky’s software on government devices was banned or restricted in Canada and the United Kingdom; Germany and Italy issued warnings against using Kaspersky’s software in both the public and the private sectors. After Russia invaded Ukraine, Italy’s national cybersecurity agency also banned the use on government devices of various Russian-designed cybersecurity applications—including those of Kaspersky, Positive Technologies, and also Group-IB, another leading Russian company—citing national security concerns.

As in the case of the U.S. measures, the companies denied the findings. In a statement, Positive Technologies described the EU decision as “based on the fact that the company has a license from the Russian Federal Security Service.” The company also said that its business interests are “not related to EU countries and focus on regions ready to work with entities from the Russian Federation, in particular in markets of Latin America, the Middle East, North Africa and Southeast Asia, as well as India, South Africa, China and others.” Following the moves by Italy, Group-IB decided to completely sever its international business from its Russian-based business.

Since the April 2024 meeting in St. Petersburg, Positive Technologies has continued to expand its international reach. In December, the company signed a distribution agreement with Mideast Communication Systems in Cairo, gaining a strategic launch pad for its services in Africa and the Middle East—particularly in Egypt and Saudi Arabia. Positive Technologies has been particularly attractive to Riyadh because the company provides protection against so-called advanced persistent threat attacks—cyberattacks in which a malicious actor may remain hidden within a system for a long time to accomplish strategic objectives—which have been particularly prevalent in Saudi Arabia. In 2024, the company found that of the groups it could identify that had launched such attacks, 88 percent had targeted telecommunications and military industries in Saudi Arabia.

In June 2025, Cyberus Foundation, which describes itself as a “tool for consolidating business, the cyber defense industry, and the state to achieve common goals,” signed a strategic agreement with Al-Adid Business, owned by Sheikh Suhaim bin Ahmed bin Sultan bin Jassim Al Thani, a member of the ruling family of Qatar. The deal is designed to develop Qatar’s cybersecurity capabilities, including by establishing Cyberdom Qatar and Hackademy, institutions for training cyber experts in the country. There is no direct indication that Russian intelligence was involved in these deals. But they indisputably give Russian companies far-reaching access to these countries’ digital infrastructures.

In April 2025, Cyberus also signed a partnership agreement with the Collective Security Treaty Organization, the Kremlin-led military alliance of Armenia, Belarus, Kazakhstan, Kyrgyzstan, Russia, and Tajikistan. The goal of the agreement, according to CSTO Secretary-General Imangali Tasmagambetov, is “to strengthen coordination between the CSTO member states in countering cyber threats and to increase the level of cyber resilience in the region.”

Russia’s cyber-expansion has been particularly active in Africa. Kaspersky Lab, for example, has signed an agreement with Smart Africa, a partnership among 40 African countries aimed at developing information and communications technologies. Kaspersky is also involved in the African Network of Cybersecurity Authorities, an initiative established in February 2025 to “tackle cross-border cybersecurity challenges across the Continent.” In making such arrangements, Kaspersky Lab has positioned itself to be the leading shaper of the emerging cyber-industry across Africa.

Meanwhile, the Kremlin has continued to promote the companies on Patrushev’s list. For instance, in June, the St. Petersburg International Economic Forum—the annual conference sponsored by Putin that has long served as a showcase for Russia’s economic and geopolitical power—featured Yury Maksimov, the co-founder of Positive Technologies and Cyberus, as one of its key speakers. Maksimov discussed the need for the countries that “don’t have complete technological independence”—meaning countries that are unable to create national online services that are capable of competing with Western platforms—to understand how to maintain digital sovereignty. In the Kremlin’s view, much of Africa, Asia, and the Middle East fits into this category.

At the St. Petersburg forum, Cyberus’s pitch to those countries was echoed and reinforced by Andrey Bezrukov, the president of the Russian Association for the Export of Technological Sovereignty. Bezrukov is better known in the United States as Donald Heathfield, the identity he used while serving in what the U.S. Department of Justice called the “Illegals Program”: a network of Russian sleeper operatives who attempted to infiltrate U.S. institutions by posing as ordinary Americans. U.S. authorities turned over Bezrukov and nine other operatives to Russia in a prisoner swap in 2010. After the swap, the Kremlin helped Bezrukov reinvent himself as a foreign policy expert specializing in the United States, and he became a constant presence on Russian TV shows.

Bezrukov’s current occupation—leading the “export of technological sovereignty”—reflects what the Kremlin, Russian intelligence agencies, and Russian cyber-companies aim to achieve: to provide target countries with cyber-services that would shield their information spaces from the perceived threat of Western influence, including in cybersecurity and social media control. Given that neither Bezrukov nor Naryshkin has hidden his affiliation with the SVR, it appears that Russia’s spy agencies think their colleagues in the client countries are little concerned about the possibility of Russian intelligence penetration in their digital infrastructure as long as they can obtain cyberprotection from the West.

A RACE RUSSIA CAN WIN

The stakes in this quiet yet intense new cyberbattle are high. It is not only about which companies gain access to the national digital infrastructure of dozens of countries outside the West but also about the training of those responsible for protecting that infrastructure. For the Russian government, the influence of Russian firms around the world is clearly a strategic priority. For one thing, the experts who train the next generation of cyber-specialists around the world will play a crucial role in helping those specialists identify what constitutes perceived threats. The differences in the perception of such threats have been political since the early years of this century, when first Russia and then China began promoting a very broad definition of threats to national information security—one that in the Kremlin’s version includes, for instance, the activities of foreign media. As the earlier NSA leak shows, Russian technology could also potentially provide a backdoor to Russian intelligence.

Paradoxically, the moves by the United States and its European allies to sanction Russian cybersecurity companies and limit or bar their use in the West may only have accelerated the spread of Russian cybertechnology to other parts of the world. Russian intelligence has a long reach, and the country’s leading cyber-companies have been made well aware of it. But the United States and its allies seem far less so, and that neglect could in the long run provide a significant advantage to Putin’s Russia as it gains growing influence over the cyber-infrastructure of countries around the world.
