After being drastically slowed down by Ukraine’s military resistance, Russia has turned to cyber warfare to unsettle Kiev. However, its use has been limited, perhaps because kinetic warfare is already unfolding on a drastic scale and to avoid unwanted escalation with the US and NATO.
Russia’s offensive capability is not limited to its troops, armor, and air power. Moscow’s cyber-warfare capabilities make Russia a formidable adversary and, unsurprisingly, they have been employed against Ukraine.
However, according to Michael E. van Landingham, a former CIA Russia expert, Russia’s cyber component hasn’t been as robust or obvious as some had expected despite the scale of destruction.
“I don’t think Russian cyber activity is more muted than expected,” Van Landingham said, citing Russia’s use of “several” distributed denial-of-service assaults and “wiper” attacks, which wipe data from devices, against Ukrainian sectors.
“That said, many had perceptions of a cyber Armageddon bricking the US and European computers or destroying Ukrainian critical infrastructure. That probably didn’t happen because Putin wanted to fight a limited war in Ukraine,” Van Landingham added.
Last month, after Russia intensified its military operations in Eastern Europe, a major Russian cyber-attack on the power infrastructure of Ukraine was narrowly averted by Kyiv. Hackers attempted to shut down substations at one of the country’s main energy companies, which would have resulted in blackouts for two million people.
Ukraine says it has thwarted a modern Russian cyber attack on its power grid
— MS Info Tech (@MSInfoTech5) April 13, 2022
According to a Microsoft report, Russian cyber-attacks often occurred days or even hours after missile strikes, thus supplementing Russian military operations by denying the adversary access to critical services and communications.
“Starting just before the invasion, we have seen at least six separate Russia-aligned nation-state actors launch more than 237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare.
“The destructive attacks have also been accompanied by broad espionage and intelligence activities. The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” read a blog published by Microsoft.
However, despite these reports and Ukraine’s admission that it was struck by several attacks throughout the war, the Russian cyberattacks have been limited in scale.
By contrast, the international hacking group called ‘Anonymous’ is believed to have consistently carried out hacking and cyber-attacks against Russia to avenge the war against Ukraine.
Why Is Russia Not Using Cyber Weapons?
The scale of Russia’s kinetic operations — ground soldiers, supported by aviation and artillery strikes — is massive and “obviates the need for the most impactful cyber tools.
“You can, in a sense, keep your powder dry because you’re using so many real explosives,” said Van Landingham, the creator of Active Measures, a risk analysis and research organization.
If Moscow chose to escalate in response to US and European security aid to Ukraine, it “has numerous asymmetric capabilities short of nuclear weapons” it can use, Van Landingham said.
The APT actors are targeting ICS/SCADA devices with a new custom-made malware toolkit (tracked as PIPEDREAM by Dragos and INCONTROLLER by Mandiant) that allows them to compromise and hijack systems. https://t.co/MBTfHUYjxG
— BleepingComputer (@BleepinComputer) April 13, 2022
Further, earlier this year, Dragos and Mandiant, two cyber security firms, assisted in the discovery of complex malware designed to damage liquefied natural gas plants and other industrial facilities.
Those plants would be vital to Europe achieving energy independence from Russia, and “there could be more programs like those out there,” Van Landingham elaborated.
Russian intelligence agencies have a long history of carrying out or supporting cyber-attacks. In March this year, the US Department of Justice charged four Russians with cyber intrusions into US power plants for over a decade on behalf of the Russian Ministry of Defense and the FSB.
Russian cyberattacks on Ukraine also go back several years. Russian intelligence services have been mapping out networks and vulnerabilities in their neighbor’s crucial infrastructure for years. After the annexation of Crimea in 2014, Russian cyber intrusions into Ukraine’s systems saw an uptick.
Current and former US officials are concerned that a Russian cyberattack on critical infrastructure in the United States could intensify or spread to a conventional offensive.
According to Van Landingham, Russia might try to interfere with or destroy satellites or underwater communications cables, which are not directly tied to cyberspace but facilitate military and civilian communications.
US President Joe Biden had earlier reminded Putin during their meeting last year that some key infrastructure should be “off-limits” to cyber-assault and that the US had its own “significant cyber capability.”
“There is always a concern for what Russian cyber tools the US and Europe have missed, what sort of critical infrastructure effects that could have,” Van Landingham said.
In its annual global threat assessment released in early March, the US intelligence community classified Russia as a persistent cyber danger.
According to US intelligence services, Russia is particularly focused on mapping out and then attacking key foreign infrastructure, such as underwater communications cables and industrial control systems, to put Western economies and societies in danger in the long run.
Having said that, it has so far stopped short of using its cyberweapons against Western countries, despite several verbal warnings of aggression provoked by their assistance to Ukraine.