Cybersecurity

Russia expected to increase cyberattacks in Ukraine war — to little effect

Nearly a year into its war with Ukraine, Russia has had little success on the cyber battlefield — and that doesn’t look like it will change moving forward.

In the coming months, the Kremlin is expected to escalate its cyber operations as it continues to face major military setbacks in the conflict.

However, that increase in cyber activity is likely to have a minor impact in the war as the Kremlin is met with stronger cyber counterattacks from Ukraine and its allies. 

There may in fact be no benefits for Russian forces in ramping up their cyber activity against Ukraine, said James Turgal, vice president of cyber consultancy Optiv, other than “to make the point that they can cause chaos.”

Many experts feared that the Kremlin would carry out destructive cyberattacks on Ukraine and its allies. And over the past year, Russian forces have launched numerous attacks against Ukraine in an attempt to disrupt the country’s critical infrastructure.


But the Russians “underperformed expectations” in the cyber space, a U.S. official said last year. Experts credit Ukraine’s enhanced cyber defenses for the Kremlin’s limited success. Russia was not expecting to be met with so much resistance from Ukrainian forces, which have been shoring up their cyber defenses for the last couple years with the assistance of the U.S. and the European Union.

“The Russians haven’t slacked off in cyberattacks, but they’ve been unable to overcome Ukrainian cyber defenses, hence their resort to missile attacks on critical infrastructure,” said James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies.

In recent months, Russia has carried out scores of destructive missile strikes on targets including Ukraine’s energy grid and water facilities. Those assaults have mirrored the Kremlin’s cyber offensives: Last year, Microsoft released a report that found that Russian cyberattacks were strongly tied — and sometimes directly timed — with kinetic military operations on the ground targeting Ukrainian services and institutions.

Russian forces are likely to continue coordinating their cyber activity with their kinetic military operations as they try to boost the effectiveness and impact of their offensives.

This strategy, however, doesn’t always pan out as intended. 

“One of the things that we’ve seen from combat operations over there is that it’s a lot harder to sync up cyber operations with kinetic military operations than I think some people gave it credit for,” said Michael Daniel, president and CEO at Cyber Threat Alliance.

“Using cyber capabilities to cause disruption is easier if you’re not trying to tie it to specific military operations because it gives you more flexibility in terms of choosing the time and place of where you try to get it to actually happen,” he added. 

Turgal said Russia’s long-term strategy of how to win this war on both the kinetic and cyber fronts seems unclear after it has faced major setbacks in the last couple of months. 

“We have seen over the last almost year that the use of one or both of those tactics together has not given them a victory,” Turgal said. 

Looking beyond Ukraine, experts expect Russian forces to expand their cyber activities to neighboring countries and perhaps directly attack European Union and NATO member countries — a move the Kremlin has been accused of making already. 

Last year, several NATO countries, including the U.S., were hit with cyberattacks that were reportedly carried out by a Russian-backed hacking group.

Jason Blessing, a research fellow at the American Enterprise Institute, said he expects Russian forces to launch cyberattacks against countries primarily located in Central and Eastern Europe but also more broadly in the West. He also anticipates Russia will go after companies that are supporting Ukraine economically and militarily.

“I think what’s more likely to happen in the short term is that businesses providing direct support and aid to Ukraine are much better targets because disrupting them disrupts supplies to Ukraine,” he said.

However, Blessing expects those attacks to be low-level and unsophisticated — just enough to create disruption to business operations. None of Russia’s cyberattacks have yet reached the level where NATO’s Article 5, which states that an act of war against any member nation will trigger a response from the full alliance, would be triggered, and he predicts the same will be true going forward.

“So, it’s more a widening of the conflict than sort of a vertical escalation in cyberspace,” he added. 

Despite Russia’s failure to unleash destructive cyberattacks against the West, particularly the U.S., government officials and experts all agreed that the U.S. needs to remain vigilant this year, as it has over the last year.

This month, Cybersecurity and Infrastructure Security Agency Director Jen Easterly warned the U.S. against potential Russian cyberattacks as the war in Ukraine drags on. 

Easterly said although the Russians have yet to launch massive cyberattacks against the U.S., “we cannot assume that won’t happen going forward.”

“It looks like it’s not going to end anytime soon. We need to continue to be vigilant, keep our shields up, and ensure that we are putting all those controls in place,” Easterly said during a panel at the Consumer Electronics Show in Las Vegas. 

Lewis, who agreed with her statement, said that regardless of what the Russians decide to do this year, the U.S. “needs to increase [its] cyber defenses.”

“We need to be as vigilant as we were last year,” he added. 

The threat of Russian cyberattacks may not abate even if the war between Russia and Ukraine comes to an end. If Russian troops are forced out of Ukraine, the Kremlin could decide to scale up its cyber activity to disrupt and undermine the Ukrainians beyond the end of a traditional conflict.

“If the war ended … I could see the Russians making extensive use of their cyber capabilities to try to destabilize the Ukrainian government and continue to sort of foment separatist interests on the eastern side of Ukraine,” Daniel, of the Cyber Threat Alliance, said.