Recent reporting of a disturbing plot orchestrated by Russian FIS targeting European air cargo networks, potentially including flights bound for the United Kingdom has raised the “grey zone” warfare being waged against the West. A fairly sophisticated operation, reportedly involving the placement of incendiary devices within seemingly innocuous parcels carried by logistics giant DHL, underscores the evolving and increasingly brazen nature of adversarial hybrid warfare campaigns against Western nations. While the Kremlin has denied involvement, the convergence of evidence and assessments from multiple European security agencies paints an ugly picture of a deliberate and dangerous attempt to disrupt critical infrastructure and sow chaos. I am NOT going to provide instruction on how to make a thermostat mercury tube and block of magnesium into something useful, offer detail on attack surfaces, nor placement logistics however knowledge of the plot, briefly stating the nature of the devices employed, the chosen attack vector, the timing of the discovered incidents, the suspected involvement of Russian intelligence services, and a brief assessment of the potential effectiveness and broader implications of such an operation are fine for open source commentary.
The devices were not conventional high explosives designed for immediate, destructive detonation. Non-classified reports suggest the use of incendiary mechanisms concealed within ordinary consumer goods shipped through standard air cargo channels. Details emerging from investigations in Germany, the United Kingdom, and Poland indicate that items such as massage pillows and sex toys were used as Trojan horses to smuggle these components into the logistics network. The incendiary nature of the devices is a critical aspect, suggesting that the actors were not focused on instantaneous structural failure of an aircraft but rather on initiating a fire within the cargo hold. At cruising altitude a fire presents a severe threat capable of compromising the aircraft’s structural integrity, affect flight control systems, and/or produce incapacitating smoke and fumes.
NO blueprints here! However, the reported outcomes of their ignition provide clues about their composition and design. That the incidents occurred in logistics hubs on the ground in Germany and the UK rather than in flight suggests a timing mechanism designed for delayed activation. This delay could have been triggered by a variety of methods, such as a timer, barometric pressure changes (simulating altitude), or simple friction or impact during transit. Camouflage as harmless consumer electronics points to a degree of technical sophistication aimed at bypassing standard security screening protocols, which are primarily geared to detecting traditional explosives and weapons. German authorities, in testing replicas of the devices, reportedly found that fire suppression systems typically installed in aircraft cargo holds might not be sufficient to extinguish the fires initiated by these incendiaries. The operators clearly conducted research into the vulnerabilities of air cargo safety measures. The selection of materials that burn intensely and are difficult to suppress, such as certain metallic compounds or accelerants, is consistent with the objective of causing an uncontainable fire.
The choice of the air cargo network as the attack service highlights several strategic considerations for adversarial FIE. Air cargo is a vital component of global commerce, moving vast quantities of goods rapidly across international borders. Targeting this network allows for potential disruption on a significant scale, impacting supply chains and causing economic damage. Cargo planes, while subject to security measures generally do not have the same level of stringent passenger screening associated with commercial passenger flights. They are softer targets for introducing illicit devices. The distributed nature of cargo handling across numerous facilities and the sheer volume of packages processed daily also present opportunities for effective camouflage and smuggling. Utilizing established courier services like DHL, with their extensive networks and trusted reputation, leveraged existing infrastructure for Russia’s ends, blending the dangerous parcels with legitimate shipments to reduce suspicion.
The timing of the discovered incidents in July 2024, is noteworthy. These events occurred within the broader context of Russia’s ongoing full-scale invasion of Ukraine and heightened tensions between Russia and Western countries providing support to Kyiv. Western officials have increasingly warned of an intensification of Russian hybrid warfare. “Grey zone” operations that include sabotage, cyberattacks, and disinformation are distinctively Russian and likely aimed at undermining support for Ukraine and destabilizing European societies. This sort of kinetic act of sabotage with potentially far-reaching consequences aligns with the I.C.’s understanding of Russian FIS’s pattern of escalation. The incidents in July 2024 in Germany and the UK appear to be “test runs,” intended to assess the feasibility of the method and the reaction of security agencies before execution of a more widespread and/or impactful attack. We have good cause to be concerned with the likelihood of the targeting of flights destined to North America. The subsequent arrests in Poland and Lithuania in the latter half of 2024 evidence that investigations advanced quickly, certainly through intelligence liaison with European security services.
Attribution requires compelling evidence, often gathered through covert means, however, the consistent assessment by multiple Western security agencies pointing towards Russian FIE, specifically the GRU (Main Intelligence Directorate of the General Staff), should surprise no one. The GRU has a documented history of engaging in aggressive foreign operations, including sabotage, assassination attempts and cyberattacks, often conducted with a high degree of risk tolerance and a willingness to operate in a gray area between conventional warfare and deniable covert action. Their involvement in previous incidents on European soil, such as the Sergei Kripal assassination attempt, demonstrate Russia’s capability and intent to carry out dangerous operations abroad.
There are more specifics that give us good reason to point to the GRU. The nature of the operation, a covert act of sabotage targeting critical infrastructure in countries supporting Ukraine, aligns with Russia’s strategic objectives in its conflict with the West. Disrupting logistics networks, creating fear and uncertainty serves to pressure governments and populations supporting Ukraine. The use of “disposable agents” or recruited individuals in various European countries to handle the parcels is consistent with known GRU tradecraft, which often utilizes cut-outs to maintain plausible deniability. The arrests in Poland and Lithuania were of individuals from different nationalities, suggesting a network of recruited operatives rather than directly deployed intelligence officers. Further, comm. intercepts revealed discussions among senior GRU officials regarding the plot, providing direct evidence of the involvement of Russian FIS. The Kremlin’s standard practice of flatly denying involvement does NOT refute the I.C.’s assessments and attribution.
The effectiveness of the explosive/incendiary device and its attack service must be assessed on multiple levels. From a technical standpoint, an incendiary device capable of initiating an uncontrollable fire in an aircraft cargo hold at altitude is highly effective at creating a catastrophic in-flight emergency. Modern cargo planes have sophisticated fire detection and suppression systems, but if the fire source is resistant to the suppression agents (like halon or nitrogen), or if the fire spreads rapidly before suppression is effective, the consequences can be dire. The potential for loss of the aircraft and its cargo, as well as the risk to populated areas if a crash were to occur, makes this a high-impact peril. German authorities’ findings regarding the potential ineffectiveness of fire suppression systems against the tested replicas should make the hair on your neck stand up.
From an operational perspective, the attack service (legitimate air cargo network) was effective in allowing the devices to penetrate security layers and reach their intended environment. The volume and speed of air cargo movement make comprehensive, item-by-item security screening a significant logistical challenge. By concealing the incendiaries within seemingly innocuous items and utilizing established shipping routes, the operators exploited inherent vulnerabilities in this system. The incidents in July 2024, demonstrated that the devices could be successfully introduced into the network and ignite, thereby validating the initial stages of the attack methodology and giving the GRU proof of concept They just didn’t count on the unintended early ignition. The plot was ultimately disrupted, indicating limitations in the overall effectiveness of the methodolgy, however, the GRU learns from its mistakes. Early ignition of the devices on the ground, while potentially providing valuable data to the perpetrators, also served as a big red flag to security agencies allowing for rapid investigation, intelligence sharing, and the apprehension of individuals involved, thereby preventing in-flight incidents. These were described as “test runs” so the operation was likely still in an experimental phase. The premature ignitions forced the perpetrators’ hand and exposed the plot before it could be realized on a larger scale.
The broader effectiveness must also be considered in the context of Russian hybrid warfare objectives. The successful downing of a cargo plane would create significant shock and disruption, even the exposure of such a plot serves Russia’s goals of sowing fear, demonstrating capability, and forcing Western nations to expend resources on the enhancement of security measures. The psychological impact of knowing that potentially dangerous devices could be present in everyday shipments carried by air can and will erode public confidence in transportation networks. Further, attribution of the plot to Russian FIS exacerbates existing tensions and reinforces the narrative of Russia as a hostile and unpredictable actor.
Russian FIS’s plot to plant incendiary devices on DHL cargo planes flying over Europe represents a serious and sophisticated attempt to conduct sabotage against Western infrastructure. The use of concealed incendiary devices, the exploitation of the air cargo network, and the involvement of the GRU align with Russia’s broader hybrid warfare strategy. Russia’s plan exposed vulnerabilities in air cargo security and highlighted the persistent threat posed by adversarial FIEs generally, and Russia more specifically. The incident serves as a stark reminder of the need for continued vigilance, enhanced security measures, and robust intelligence liaison to counter covert bullshit of this nature that are clearly aimed at destabilizing global systems. The plot underscores the evolving landscape of Russia’s willingness to do engage in unacceptable methods, international security more broadly, and the critical importance of understanding the motivations, methods, and capabilities of adversarial intelligence services.
Sources:
Associated Press. (2024, November 5). Western officials suspect Russia was behind a plot to put incendiary packages on cargo planes. PBS NewsHour.
Business Standard. (2024, November 5). Russia suspected of plotting to send incendiary devices to US on planes. Business Standard.
CSIS. (n.d.). Russia’s Shadow War Against the West. Center for Strategic & International Studies.
EUvsDisinfo. (2024, November 26). Disinfo: The West organised the DHL cargo plane crash in Vilnius to blame Russia. EuvsDisinfo.
Newsweek. (2024, November 5). Russia Suspected of Plot to Put Incendiary Devices on US-Bound Planes. Newsweek.
Politico.eu. (n.d.). Europe is under attack from Russia. Why isn’t it fighting back? Politico.eu.
Radio Free Europe/Radio Liberty. (n.d.). A Russian Airline Bomb Plot? What We Know About The Polish PM’s Accusations. Radio Free Europe/Radio Liberty.
The Record. (2024, November 5). Lithuania: Russian military intelligence behind plot to parcel bomb cargo planes. The Record.
UNN. (n.d.). Incendiary devices in parcels in Europe: Russian intelligence services are behind the sabotage – investigation. UNN.
UNITED24 Media. (2024, October 15). Suspected Russian Sabotage Nearly Caused German Plane Crash, German Intelligence Chief Says. UNITED24 Media.