1. GP Opinion
  2. Gangs of Geopolitics

Gangs of Geopolitics

By Robert Schuett and Philipp Schramm -
Conflict and security
Gangs of Geopolitics

As Europe becomes a hybrid battlefield at the hands of organised crime and hostile statecraft, Robert Schuett and Philipp Schramm call for a realistic response to defend open societies and businesses from criminal actors with geopolitical reach.

In March 2025, two Eastern European mobsters were convicted in a New York courtroom for plotting to murder a U.S.-based journalist. The real mastermind, however, was not another crime boss but the Iranian regime. The hit, offered for half a million dollars, was orchestrated by Iran’s intelligence services using a transnational criminal organisation as proxy. This plot, reaching from Tehran to Tbilisi to the Bronx, is emblematic of a broader pattern now haunting Europe’s security landscape: organised crime is no longer just about drug deals and turf wars. Gangs have become hard geopolitical actors.

Criminal networks have gone global, intertwining with state power struggles and hybrid warfare. In Europe, treating mafias and cartels as mere police cases is anachronistic. Today’s criminal syndicates are not just crisis profiteers; they increasingly operate on behalf of states. In doing so, they blur the lines between internal and external threats. The concept of geocriminality—where crime functions as a tool of geopolitical ambition—is no longer theoretical. From Portugal to Poland, the rise of what we call the gangs of geopolitics is reshaping the EU’s security landscape, and it poses a global strategic threat that demands international cooperation.

Few actors illustrate this convergence more clearly than the Iranian regime and its Lebanese proxy, Hezbollah. Facing stringent sanctions and limited military options, Tehran has increasingly leveraged criminal networks to advance its strategic goals in Europe. Since 2018, Iranian intelligence has systematically cultivated local criminals and mob networks to conduct operations across European cities, from surveillance and assassination attempts to outright attacks. A particularly vivid example emerged in Stockholm in January 2024 when Swedish police discovered an unexploded grenade outside the Israeli embassy. The culprits were not ideologically driven jihadists but local gangsters, recruited by Iranian intelligence.

Iran’s use of criminal proxies is not incidental but integral to its hybrid warfare strategy. It provides Tehran plausible deniability and taps into Europe’s pre-existing criminal infrastructures, making these networks harder for authorities to dismantle. The recruitment of notorious figures such as Sweden’s “Kurdish Fox,” a criminal boss recruited after fleeing justice, and “the Strawberry,” whose gang carried out shootings on Tehran's orders, highlights a deliberate strategy to exploit Europe's vulnerabilities. Tehran’s embrace of organised crime also extends into cyberspace, where Iranian state-sponsored hackers collaborate with sophisticated ransomware gangs, enhancing both operational reach and deniability.

Europe’s openness, once a strength, has become a critical vulnerability exploited by both criminals and hostile states. Europol’s recent threat assessment underscores the severity, describing organised crime as increasingly destabilising European societies and acting as proxies in service of hybrid threat actors.

Nowhere is this clearer than in cyberspace. Ransomware gangs, often operating from Russian safe havens, routinely paralyse critical European infrastructure and corporations. The 2021 ransomware attack on Ireland’s national health service demonstrated the devastating strategic implications: these digital assaults, often perpetrated with tacit approval from hostile states, blur the lines between criminal activity and geopolitical aggression.

Moreover, the weaponisation of illegal migration compounds this threat. Europe's border integrity is continually challenged by migrant smuggling networks, from the Turkish Aegean to North Africa, who exploit desperation for profit. The strategic manipulation of these networks by state actors became evident in 2021 when Belarus orchestrated migrant flows to Poland and Lithuania, explicitly aiming to destabilise the EU. These criminal smugglers often collaborate with extremist groups and drug traffickers, creating complex, interwoven threats to EU internal security.

At the intersection of crime and terrorism, Europe's experience further complicates security strategies. Terrorist attacks have increasingly relied on criminal funding and logistics, with extremists financing plots through organised crime ventures. The overlap between criminality and terrorism is not new but has become significantly pronounced, with organised crime syndicates adopting terrorist-like coercive tactics to influence state actions and intimidate societies.

Russia’s involvement exemplifies this fusion of crime and geopolitics. Russian intelligence services have long utilised organised crime to conduct influence operations, money laundering, and cyberattacks within Europe, capitalising on the EU’s fragmented political landscape and regulatory blind spots. Criminal networks linked to the Russian state serve as tools of espionage, sabotage, and strategic corruption, often masking their activities behind legitimate economic fronts and opaque financial dealings.

Similarly, China’s presence in Europe's criminal underworld is growing more discernible, with diaspora-linked syndicates involved in extensive money-laundering operations, cyber espionage, and illicit trade. These activities, beyond economic exploitation, serve Beijing’s broader geopolitical ambitions by undermining Europe's regulatory frameworks and economic sovereignty.

Given these multifaceted threats, Europe's response must transcend traditional law enforcement. Criminal syndicates, thriving in the grey zones between state power, intelligence activities, and illicit enterprise, now operate with strategic intent and geopolitical consequence.

To counter this evolving threat landscape effectively, the European Union must adopt an integrated strategy that combines law enforcement, intelligence operations, cyber capabilities, and diplomatic leverage.

The EU should establish a European Hybrid Threat Fusion Cell—a permanent task force that merges law enforcement and intelligence capabilities to track state/crime collusion. Europol and the EU Intelligence and Situation Centre (INTCEN) must be empowered to share real-time intelligence and coordinate strategic responses across domains, connecting the dots between terrorism, espionage, cybercrime, and transnational criminal networks. Europe must also develop proactive cyber offensive capabilities to dismantle ransomware infrastructure, coordinating with national Computer Security Incident Response Teams (CSIRTs) and mandating intelligence-led takedowns. Public-private partnerships should be strengthened to trace illicit crypto flows and freeze criminal assets.

At the policy level, the EU should extend its sanctions regime to target criminal enablers of hostile regimes—those laundering money, smuggling arms, or facilitating political violence—using robust measures to freeze assets and impose travel bans. Organised crime must be recognised as a geopolitical threat in the EU’s Strategic Compass and broader security doctrine, with scenario exercises and foresight planning addressing cartel-driven destabilisation, ransomware warfare, and the weaponisation of migration.

Finally, the EU should boost support to fragile states in its neighbourhood—particularly in the Balkans, North Africa, and Eastern Europe—to strengthen the rule of law and dismantle criminal networks operating from these strategic peripheries. The EU must also deepen cooperation with the United States, which only recently—through its 2025 Annual Threat Assessment of the U.S. Intelligence Community—reiterated the full scale of the challenges posed by transnational criminal organisations (TCOs), of which the fentanyl crisis is just one deadly example.

In short, there will have to be sustained diplomatic pressure on Russia, China, Iran, and North Korea to keep these gangs under reasonable control.

What’s at stake is not merely order on Europe’s streets, but the resilience of its institutions. When city administrations are hacked, journalists hunted by foreign mafias, and borders breached through criminal routes, the result is the systemic erosion of open societies. Criminal networks, shielded by weak enforcement and state complicity, now operate as agents of strategic chaos and violence across borders.

By 2025, the lines between criminality, terrorism, and statecraft have blurred. Europe’s security now hinges on its ability to recognise and confront the geopolitical dimensions of organised crime. Failure to adapt to this new reality risks leaving the EU—and what remains of the liberal international order rooted in law, human rights, and mutual decency—exposed to actors who exploit the grey zone between organised crime and violent geopolitics.

 

 

Robert Schuett is co-founder and managing partner at STK Powerhouse, a global risk advisory firm, and serves as Chairman of the Austrian Political Science Association.

Philipp Schramm is a security expert on cybersecurity and hybrid threats, with experience in Austria’s security sector and management consulting across Central Europe.

Photo by Wolfgang Weiser

Recommended

Disqus comments