Cybersecurity

Russia’s cyber warfare against Ukraine more nuanced than expected

Russia’s approach to cyber warfare against Ukraine has proved more subtle so far than many expected.

This week’s Microsoft report on the operations reveals that Moscow-backed hackers have launched more than 200 cyberattacks against Ukraine, including nearly 40 destructive ones that targeted the country’s government organizations and critical sectors. 

Cyber experts say the analysis suggests hidden depths to Russia’s cyber operations in Ukraine because although it has the capability to launch more damaging cyberattacks, it has chosen to inflict less harmful ones for the moment. 

“The Microsoft report illustrates the complicated, nuanced role of cyber operations in the Russian-Ukraine war,” said Michael Daniel, president and CEO of Cyber Threat Alliance. 

Daniel said that while the report shows that there is more cyber activity occurring than initial data had indicated, it also illustrates where the Russians are choosing to spend their efforts.


“Microsoft identified less than 20 percent of the operations as destructive, meaning that the majority of cyber operations were essentially espionage activities of various kinds,” he said.

He added that the destructive attacks seem to have targeted information technology systems, achieving “mostly tactical level effects as opposed to the strategic disruption many thought the Russians could achieve.”

“The result is that cyber has not been entirely absent, but it has not played the outsized role many feared,” Daniel said. 

Many experts, including policymakers and intelligence officials, predicted that after the invasion of Ukraine began in late February, the Kremlin would launch massive and destructive cyberattacks against the West, especially following the crippling economic sanctions imposed on it. 

The report, however, suggests that the Russians are also dealing with a country that has strengthened its cyber defenses over the years, making damaging attacks difficult.

“I saw [the report] more as a tribute to Ukrainian defenses as they pretty much beat off — with some help — everything the Russians could throw at them,” said James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies.

Ever since Ukraine fell victim to two separate destructive cyberattacks in 2015 and 2017 that targeted its power grid and key institutions, Kyiv has made significant investments to improve its cybersecurity. Ukraine has also had substantial assistance — both financial and technical — from the U.S. and the European Union.

U.S. officials have recently emphasized the importance of that investment, pointing to a $40 million contribution that the U.S. has made since 2017 to help Ukraine grow and enhance its information technology sector.

In a March briefing, Defense Department spokesperson John Kirby told reporters that those investments have helped Ukraine improve its cyber resilience, which he said is on display right now.

Ukrainian officials in April said they successfully intercepted a Russian cyberattack intended to disrupt the country’s electrical grid. 

The attempted attack was aiming to hit computers controlling high-voltage substations of an energy firm. The officials said the hackers behind the thwarted attack are affiliated with Russia’s military intelligence agency, GRU. 

Although the Russians have yet to unleash their full cyber capabilities against the U.S. and Western Europe, Daniel warned that they might potentially do so in the future. 

“[Russia] certainly has the capability to inflict more widespread damage if it makes the decision to go down that path,” Daniel said. 

But he also explained that even with its sophisticated cyber arsenal, Russia may not always be able to attain its intended goal.

“The Russian activities to date reinforce the idea that achieving effects through cyberspace is possible but having the precise effect that you want at exactly the time and place of your choosing, and only that effect, remains challenging,” Daniel said. 

“Thus, we must remain on guard against an expansion or escalation of Russia’s activities in cyberspace,” he added.