Logically, if Russians would want to infiltrate your organization, they won't do it from Russian IPs directly, but instead do it from cheap proxies, and those proxies are abundant in Netherlands or Germany.
Only stuff like scanners and other basic stuff (that comes from devices that have been left unattended and without updates). But the actual malicious traffic is not that easy to spot, as it won't be router directly.
