WAGNER
The contemporary security landscape within the Russian Federation reflects an intricate amalgamation of localized paramilitary initiatives, state-driven digital censorship, and the persistent infiltration of high-tier cyber threat actors. Analysts observing the current trajectory identify a critical friction point between the operational requirements of frontline military units and the bureaucratic mandates of domestic regulatory bodies. The evolution of training projects like “One Day in Special Forces” (ODVS) provides a blueprint for how private entities compensate for systemic gaps in traditional military preparation. Simultaneously, the aggressive efforts of Roskomnadzor (RKN) to establish a “digital iron curtain” through the throttling of platforms like Telegram and the promotion of the state-backed “MAX” messenger create new vulnerabilities that foreign intelligence services and non-state actors exploit with increasing frequency.
The ODVS Project
Private military education in Russia has shifted from a fringe hobbyist pursuit to a legally codified and strategically significant sector. The “One Day in Special Forces” project, operating under the formal designation of OOO “ODVS,” represents a sophisticated model of this transition. Registered officially on July 17, 2017, in the Lipetsk region, the organization maintains its headquarters at Valentina Tereshkova Street, 10/2, apartment 26, under the direct leadership of General Director Oleg Aleksandrovich Sviridov. Sviridov, who also serves as the sole founder and owner, has managed the project’s growth from a small-scale training initiative into a multi-regional operation that has trained over 7,000 cadets across the Moscow region, Lipetsk, St. Petersburg, and the conflict zones of the Donetsk and Luhansk People’s Republics over the past twelve years.
The legal framework surrounding OOO “ODVS” reveals a dual-purpose mission. While the primary OKVED code 93.11 classifies the entity as an operator of sports facilities, its secondary activity codes, including 74.90.3 (provision of security consulting services) and 79.90.22 (independent tour guide and tour operator activities), provide the necessary flexibility to conduct complex military-style gatherings. This organizational structure allows the project to bridge the gap between civilian recreational interest and functional combat readiness. The project utilizes the expertise of eleven core instructors, including veterans of the Special Operations Forces (SSO), to deliver a curriculum that mirrors the rigorous “maroon beret” qualification standards.
Training gatherings occur monthly, focusing on a comprehensive suite of disciplines designed to prepare individuals for the realities of modern hybrid warfare. Firearms training constitutes a fundamental pillar, emphasizing proficiency with both short-barreled and long-barreled weapons, including the AK-74M and Makarov pistol. Tactical medicine modules teach the vital basics of first aid, such as hemorrhage control, tourniquet application, and victim transport, which are essential skills for survival in high-intensity combat environments. The curriculum also integrates specialized tactical training for urban and forested terrains, engineering preparation, and the increasingly critical field of Unmanned Aerial Vehicle (UAV) control.
High-altitude preparation forms another significant component of the ODVS pedagogy. Instructors like Roman and Konstantin guide participants through the principles of mountaineering, complex knot-tying, the use of descent devices, and tactical movement on building facades. These skills directly translate to urban assault operations where unconventional entry points provide a decisive advantage. The project offers tiered programs, such as the “First Step” for beginners and the more intensive “Fighter” course for those with intermediate physical backgrounds. Participants in these courses, such as the two-day gatherings scheduled for late February in the Moscow region, receive full accommodation, equipment, and nourishment, ensuring a total immersion experience that fosters psychological resilience.
The instructor cadre provides the institutional knowledge necessary to maintain high standards of preparation. Oleg Sviridov leads the group, supported by specialists like Viktor, an instructor for firearms and tactical medicine, and Pavel, who coordinates the children’s section and leads search detachments. Lyudmila, a Doctor of Sciences and methodologist, ensures that the pedagogical approach remains structured and effective, while Roman focuses on physical training and assault mountaineering. This team of experts creates an environment where civilians and security professionals alike can “break out of the routine” and gain specialized skills that traditional state pipelines may not provide in a timely manner.
The Strategic Conflict Between Regulatory Control and Frontline Necessity
A profound contradiction has emerged between the Russian government’s digital sovereignty goals and the tactical needs of its military personnel. In February 2026, Roskomnadzor significantly intensified its restrictions on the Telegram messaging application, a move that the Wagner Group and other paramilitary factions characterize as a direct threat to national security. For years, Telegram has served as the de facto command-and-control platform for Russian units, providing a space for coordinating logistics, crowdsourcing supplies, and sharing real-time drone intelligence. The deliberate slowing of the app, which Roskomnadzor justifies as a measure to combat fraud and extremist activity, has created what frontline specialists describe as “sabotage”.
The Wagner Group’s “White Uncles in Africa” Telegram channel issued an aggressive critique on February 17, 2026, labeling the officials at Roskomnadzor as “clowns” and “provocateurs”. The group argues that these restrictions make it “much more difficult to collect and analyze data” that assists Russian specialists working abroad. The timing of these disruptions appeared suspiciously synchronized with a major communication failure in the Middle East. Frontline commanders report that while Roskomnadzor throttled Telegram, Elon Musk and SpaceX implemented a “whitelist” system that deactivated thousands of gray-market Starlink terminals used by Russian forces in Ukraine and other regions.
The dual failure—one domestic and one foreign—left many units without reliable high-speed data links during critical operations. Wagner Group representatives suggested that Roskomnadzor might harbor “accomplices of foreign special services” who act on behalf of “African terrorists” by blinding Russian forces. The frustration within the military community has escalated into public calls for accountability. Veterans have challenged Roskomnadzor officials to test the performance of the state-approved “MAX” messenger on the front line with only one “Max” radio station on board, suggesting that the regulators are dangerously detached from the reality of modern combat.
Reports from the Belgorod region highlight the civilian impact of these digital “speed reducers.” Governor Vyacheslav Gladkov expressed concern that the slowing of Telegram hinders the ability of residents to receive emergency notifications during air attacks. During wartime, the speed of information dissemination saves lives, and the latency introduced by Deep Packet Inspection (DPI) and DNS manipulation represents a tangible physical risk to the population. Despite these warnings, the Kremlin persists in its push for digital enclosure, often dismissing military concerns by claiming that “military communications are not conducted through messaging apps,” a statement that ignores the widespread and necessary use of unofficial tools for battlefield management.
The MAX Messenger
The Russian government’s primary solution to the “Telegram problem” is the promotion of “MAX,” a super-app developed by the VK company and integrated with the Gosuslugi portal. Minister of Digital Development Maksut Shadaev has envisioned MAX as a national messenger capable of rivaling Japan’s Line or South Korea’s KakaoTalk. As of late 2025, the government mandated the pre-installation of MAX on all smartphones sold in Russia, while Roskomnadzor simultaneously applied “gradual restrictions” to foreign competitors like WhatsApp and Telegram.
However, the military and civilian sectors have met MAX with significant skepticism and active resistance. Soldiers in the Donetsk region, specifically those in the 27th and 144th motorized rifle divisions, have reportedly resisted orders to switch to the state-controlled app. These servicemen view MAX as “spyware” designed for surveillance rather than secure operational use. Many soldiers fear that the transparency of a state-controlled messenger will lead to disciplinary or criminal charges, as it is nearly “impossible to wage war strictly in accordance with existing laws and orders”. Consequently, some personnel plan to maintain “clean” phones with MAX installed for inspections while continuing to use unauthorized tools for actual work.
Technical assessments of the MAX messenger further validate these concerns. The application reportedly collects and stores extensive metadata, including IP addresses, contact lists, and activity timestamps. Its privacy policy allows for the potential transfer of this data to third parties, including state security agencies, without the end-to-end encryption guarantees found in other platforms. Security researchers have documented that MAX incorporates multiple third-party open-source libraries from “unfriendly” countries and that some telemetry traffic is directed to foreign servers. Furthermore, a joint UK-Ukrainian hacking team reportedly infiltrated the software in late 2025 to extract critical information, underscoring the platform’s vulnerability to sophisticated external threats.
The promotion of MAX represents a broader strategy to consolidate digital control and enforce a “national backbone” for communications. Yet, the technical flaws and the perceived surveillance risk make it an unsuitable replacement for the resilient, albeit vulnerable, Telegram ecosystem. The Russian soldiers’ preference for a “banned” app over a government-mandated one highlights a fundamental trust deficit that complicates the state’s efforts to achieve digital sovereignty.
Psychological and Cultural Dimensions of the Volunteer Combatant
The “Orchestra” volunteer narrative provides a window into the psychological motivations of those who bypass traditional military structures. A recent documentary focuses on a machine gunner who voluntarily entered the zone of armed conflict after being rejected by the regular army due to illness. This individual’s path—from a childhood dream of military service to stopping a tank in the ruins of Bakhmut—encapsulates the “50% preparation, 50% chance” philosophy that dominates the paramilitary mindset. His story emphasizes the importance of personal responsibility, where he gathered his own equipment and tactical gear after realizing that state provision was insufficient.
The volunteer’s experience at the “Molokino” training site illustrates the rigors of private selection processes. Participants lived in cold tents and underwent psychological tests of strength before seeing their first “real blood”. This environment forged a sense of camaraderie and discipline that the hero contrasts with the “money-driven” motives he attributes to some regular forces. His tactical success in stopping a tank by hitting the engine and the subsequent destruction of the crew serves as a powerful recruitment tool, reinforcing the idea that specialized training and individual initiative can overcome superior enemy technology.
This narrative of “modesty and strength” aligns with broader social initiatives like “Northman” (Severny Chelovek), founded by Mikhail Mavashi. Mavashi has transitioned from a musician to the leader of an “ethnic” movement focused on Russian character, physical fitness, and mutual aid. The “Northman” initiative provides a cultural framework for the militarization of civilian life, encouraging sport and support as precursors to military service. Mavashi’s music, such as the track “Russian Flag,” promotes an exclusionary nationalism that emphasizes “Russian hardcore” and the defense of the nation’s culture against perceived external and internal threats.
The volunteer experience also addresses the grim realities of the “war of Slavs among themselves” and the ethical challenges of urban combat. The hero’s story about saving civilians from a mine trap and his reflections on the necessity of “remaining human” in a job where “a mistake costs everything” provide a nuanced view of the conflict. These stories humanize the “Orchestra” while simultaneously romanticizing the price of trial and error in high-risk environments. This cultural output ensures a steady stream of recruits for both training programs like ODVS and frontline units like the 336th Guards Marine Brigade.
The Sophistication of External Cyber Vectors Targeting the Digital Perimeter
While domestic regulatory agencies focus on Telegram, high-tier external threat actors have launched sophisticated, AI-enabled social engineering campaigns targeting the Russian digital and financial sectors. One specific actor, identified as UNC1069, has been active since at least 2018, focusing on the cryptocurrency sector, decentralized finance (DeFi), and venture capital firms. This group has transitioned from using artificial intelligence for simple productivity gains to deploying novel, AI-enabled lures in active operations.
The social engineering tactics employed by UNC1069 involve compromising the Telegram accounts of high-level executives to build rapport with potential victims. The group then schedules spoofed Zoom meetings where they present a deepfake video of a well-known CEO to deceive the target. During these calls, the actor simulates audio issues to initiate a “ClickFix” attack. The victim is directed to run “troubleshooting” commands on their system, which are tailored for both macOS and Windows. These commands initiate a complex infection chain that leads to the deployment of seven unique malware families on a single host.
The malware suite includes several highly specialized tools:
- WAVESHAPER: A C++ backdoor targeting macOS that collects detailed system information, including machine name, OS version, and a list of running processes. It leverages the curl library for communication and runs as a daemon to maintain persistence.
- HYPERCALL: A Golang-based downloader that retrieves malicious dynamic libraries from a C2 server. It reflectively loads these libraries into memory using the NSCreateObjectFileImageFromMemory API to avoid traditional disk-based detection.
- HIDDENCALL: A follow-on backdoor component that provides hands-on-keyboard access to the system. Forensic analysis of Rosetta cache AOT files revealed shared code overlaps with HYPERCALL, suggesting a unified development environment.
- DEEPBREATH: A Swift-based data miner designed to bypass the macOS Transparency, Consent, and Control (TCC) database. It manipulates the TCC.db file by renaming folders and injecting permissions, allowing it to steal credentials from the Keychain and data from browsers like Chrome, Brave, and Edge.
- CHROMEPUSH: A C++ data miner that installs itself as a native messaging host for Chromium-based browsers. It collects keystrokes, username and password inputs, and browser cookies, uploading them to a remote server.
- SILENCELIFT: A minimalistic backdoor that beacons host information to a hard-coded C2 server and can actively interrupt Telegram communications if it gains root privileges.
- SUGARLOADER: A persistent downloader historically associated with this threat actor, used to deploy next-stage miners like CHROMEPUSH.
These threat actors utilize generative AI models like Gemini and GPT-4o to assist in reconnaissance, image editing, and operational research. The integration of these tools into the adversary lifecycle allows for the creation of more convincing lures and the rapid development of custom malware. The focus on credentials and session tokens indicates a highly determined effort to facilitate financial theft, which can be used to fund further operations or circumvent international sanctions. This evolution in cyber tradecraft highlights the inadequacy of signature-based defenses and the need for behavioral detection in an environment where AI-enabled deception is the new norm.
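As an added illustration of the behavioral checks this calls for (not part of the original analysis and not any vendor's tooling), the Python sketch below audits native messaging host manifests for the Chromium-based browsers named above, the registration mechanism the CHROMEPUSH entry describes. The directory list, the review heuristics, the allowlist contents and both sample manifests are assumptions constructed for this example.

```python
import json
from pathlib import Path

# Per-user manifest directories on macOS (assumed default install locations).
USER_DIRS = [
    "Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts",
    "Library/Application Support/Microsoft Edge/NativeMessagingHosts",
]
# Heuristic (assumption): legitimate host binaries rarely live here.
WORLD_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

# Constructed sample manifests, not taken from any real incident.
SAMPLE_OK = {
    "name": "com.example.passwordmanager",
    "path": "/Applications/Example.app/Contents/MacOS/host",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"],
}
SAMPLE_ODD = {
    "name": "com.example.updater",
    "path": "/Users/Shared/.cache/helper",
    "type": "stdio",
    "allowed_origins": [],
}


def assess_manifest(manifest, allowlist):
    """Return the reasons a native messaging host manifest deserves review."""
    reasons = []
    binary = str(manifest.get("path", ""))
    if manifest.get("name") not in allowlist:
        reasons.append("host name not on allowlist")
    if not binary.startswith("/"):
        reasons.append("binary path is not absolute")
    if binary.startswith(WORLD_WRITABLE):
        reasons.append("binary in world-writable location")
    if any(part.startswith(".") for part in Path(binary).parts[1:]):
        reasons.append("hidden path component")
    if not manifest.get("allowed_origins"):
        reasons.append("no allowed_origins listed")
    return reasons


def scan(home, allowlist):
    """Map each flagged manifest under `home` to its list of reasons."""
    findings = {}
    for rel in USER_DIRS:
        folder = Path(home) / rel
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.json")):
            try:
                manifest = json.loads(path.read_text())
                if not isinstance(manifest, dict):
                    raise ValueError("manifest is not a JSON object")
                reasons = assess_manifest(manifest, allowlist)
            except (OSError, ValueError):
                reasons = ["manifest unreadable or not valid JSON"]
            if reasons:
                findings[str(path)] = reasons
    return findings
```

Calling `scan(Path.home(), allowlist)` with the set of host names an organization has approved returns only the manifests that need a human look; a finding is a prompt for review, not proof of compromise.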
Regional Recruitment and the Role of Charitable Foundations
The recruitment of specialized personnel for elite units often flows through non-governmental channels and charitable organizations. The “Beacon” (Mayak) Foundation for Supporting Combat Veterans serves as a key intermediary in this process. In February 2026, the foundation announced recruitment for the 336th Guards Marine Brigade based in Baltiysk, Kaliningrad Region. The brigade is specifically looking for drivers, mechanics, and “fighters with knowledge of communications and expertise in radio electronics” to staff a radio-location station.
This focus on technical expertise underscores the shift toward high-tech warfare, where electronic warfare and signal intelligence are as important as traditional infantry skills. The use of a Telegram bot (@wORClab_bot) for communication with the foundation reflects the ongoing reliance on this platform despite state-imposed restrictions. Analytics on such bots indicate that developers must implement their own custom event tracking or use third-party tools like Dashbot or Google Analytics, as Telegram does not provide a native analytics API for bots.
Charitable foundations like Mayak and the “One Day in Special Forces” project operate in a legal gray area that allows them to support the war effort while maintaining the appearance of independent civilian organizations. The Mayak Foundation, while listed in some databases as an organization in the process of liquidation or providing services to the elderly in regions like Nizhny Novgorod, continues to function as a recruitment hub for military-adjacent roles. This fragmentation of military support structures makes it difficult for external observers to track the full scale of mobilization and technical preparation within the Russian Federation.
The Fragile State of Russian Security
The convergence of paramilitary training, digital censorship, and high-tier cyber threats creates a landscape of extreme strategic fragility. Training projects like ODVS successfully maintain a high baseline of combat readiness among the civilian and reserve populations, yet the state’s own regulatory actions consistently undermine these gains. Roskomnadzor’s throttling of Telegram and the failure to provide a viable, trusted alternative like MAX leave the military community in a state of communication “fratricide,” where the government’s desire for control actively endangers its own troops on the front line.
The deactivation of Starlink terminals demonstrates the precariousness of relying on foreign technology providers whose interests may shift based on geopolitical pressure. This shift forces the Russian military to rely on outdated or insecure methods of communication, increasing their vulnerability to both physical attacks and sophisticated cyber intrusions like those orchestrated by UNC1069. The “African terrorist” narrative promoted by the Wagner Group reflects a growing internal belief that the domestic bureaucracy is compromised by foreign agents, a sentiment that further erodes the cohesion of the security apparatus.
Cultural movements like “Northman” and the romanticization of the “Orchestra” volunteer provide the ideological glue that holds this fractured system together. However, this ideology alone cannot compensate for technical deficiencies and the lack of a secure digital environment. As AI continues to weaponize social engineering and the electromagnetic spectrum becomes the primary theater of competition, the Russian Federation’s ability to maintain “digital sovereignty” while simultaneously waging a conventional war will be severely tested. The current trajectory suggests that the friction between the state’s regulatory organs and its military specialists will continue to intensify, leading to further instances of “digital sabotage” and a reliance on fragmented, non-state solutions for survival.
The intelligence analysis indicates that the most significant threats to Russian security in early 2026 are not only the external adversaries on the battlefield but also the internal technical and bureaucratic failures that blind its own specialists. The state’s inability to reconcile its surveillance needs with the operational requirements of a modern, tech-driven military creates a vacuum that both foreign hackers and disgruntled internal factions are more than willing to fill. The reliance on private training centers like ODVS and charitable foundations like Mayak highlights the state’s dependency on a decentralized network of actors to maintain its defense posture, a network that is increasingly vocal about its dissatisfaction with the central authorities’ digital policies.
