- Russia’s military, previously considered among the best in the world, has fought in Ukraine.
- In the midst of these battles, Russia doesn’t appear to be utilizing its cyber capabilities as much as expected.
- Moscow has a history of cyberattacks, and US officials have described it as an ongoing cyber threat.
The Russian military is fighting in Ukraine. Two months into the war, it has failed to achieve the quick victory that President Vladimir Putin and the few advisers aware of the plan had hoped for.
But Russia’s offensive power consists of much more than troops and weapons. Moscow’s cyber warfare capabilities also make it a force to be reckoned with.
While the Kremlin’s conventional forces have now underperformed in Ukraine, it has used these cyber weapons to great effect in the past.
Cyber activities of Ukraine and Russia
Russia has lost thousands of troops and dozens of ground vehicles, planes, ships and other hardware, and much of that destruction has been broadcast to the world via social media.
Despite the extent of the destruction, Russia’s cyber component wasn’t as robust or as visible as some expected — but it’s not missing, according to Michael E. van Landingham, a former CIA Russia analyst.
“I don’t think Russian cyber activity is any more muted than expected,” van Landingham told Insider, citing “multiple” distributed denial-of-service attacks and “wiper” attacks, which remove data from devices, that Russia has used against Ukrainian sectors.
“However, many had notions of a cyber Armageddon that would destroy US and European computers or destroy Ukrainian critical infrastructure. That probably didn’t happen because Putin wanted to fight a limited war in Ukraine,” van Landingham added.
The scale of Russia’s kinetic operations — troops on the ground supported by air and artillery strikes — “avoids the need for the most powerful cyber tools. You can sort of keep your powder dry because you’re using so many real explosives,” said van Landingham, founder of risk analysis and research firm Active Measures.
Should Moscow decide to escalate in response to US and European security aid to Ukraine, “it has numerous asymmetric capabilities in addition to nuclear weapons” that it can deploy, van Landingham said.
Earlier this year, cybersecurity firms Dragos and Mandiant helped uncover a complex
designed to damage LNG plants and other industrial equipment. Those facilities would be crucial for Europe to achieve its energy independence from Russia, and “there could be more programs like those out there,” van Landingham told Insider.
Russian intelligence agencies have a long history of conducting or facilitating cyberattacks.
In March, the Justice Department charged four Russians with carrying out cyberattacks on US power plants on behalf of the Russian Defense Ministry and the FSB over the past decade.
Russian cyber attacks on Ukraine have also been going on for a long time. For years, Russian intelligence agencies have targeted their neighbor’s critical infrastructure, mapping nodes and vulnerabilities.
A 2015 cyberattack that disrupted power supplies in western Ukraine — the first such attack known to bring down a power grid — has been attributed to a hacking entity called Sandworm, believed to be part of the GRU, Russia’s military intelligence agency. The same entity was blamed for the NotPetya malware used against Ukraine in 2017. NotPetya had a global impact, and the US estimated it caused $10 billion in damage.
Current and former US officials fear a Russian cyber offensive against critical US infrastructure could escalate into conventional attacks. Russia could also try to jam or destroy satellites or underwater communications cables that aren’t directly related to the Internet but support military and civilian communications, van Landingham said.
During their meeting last year, US President Joe Biden told Putin that cyberattacks on some critical infrastructure should be “banned” and warned that the US had its own “significant cyber capability.”
“There’s always concern about what Russian cyber tools the US and Europe have overlooked, what kind of critical infrastructure effects that could have,” van Landingham said.
The US should continue to think about what the worst-case scenarios might be and have a proper risk management plan in place, “if not, do some drills to stress test their systems,” Herm Hasken, partner and senior operations consultant at MarkPoint Technologies, told Insider.
“There is no better defense than a vigilant team with a comprehensive cyber defense program,” said Hasken, who has extensive experience with US special forces and in the intelligence community, including his time as chief cryptologist for Special Operations Command.
A persistent cyber threat
In early March, the US intelligence community released its annual global threat assessment, which described Russia as an ongoing cyber threat.
“We anticipate that Russia will remain a top cyberthreat as it hones its espionage, influence and attack capabilities and employs military tools,” the report said.
US intelligence agencies believe Russia is particularly focused on mapping and then targeting foreign critical infrastructure, including undersea communications cables and industrial control systems, which may put Western economies and societies at long-term risk.
The threat is not limited to nation states. According to the agencies, Russia targets and attacks organizations and individuals it sees as a threat to its stability. Politicians, journalists, nonprofit groups, and others have also been victims of Russian cyberattacks, and they have seen their data and personal information leaked onto the Internet.
Stavros Atlamazoglou is a defense journalist specializing in special operations, a veteran of the Hellenic Army (national service with the 575th Marine Battalion and Army Headquarters) and a graduate of Johns Hopkins University.