Russia Is Waging Cyberwar, with Little Success

The atrocities taking place in Ukraine are truly tragic. It is personal to me. I’ve had the opportunity to work alongside cyber experts in Ukraine, providing time and resources over the years to help with cyber deterrence, and I watched anxiously as tensions escalated earlier this year.

Russia may have launched its physical invasion of its neighbor on February 24, but Russia and threat actors aligned with Russia have been targeting Ukraine with cyberattacks for years. 

As events have unfolded in Ukraine, the cybersecurity world has been on high alert with the expectation that Russia would also engage in a massive cyberwar effort. The Biden administration and CISA have warned businesses to be prepared for impending cyberattacks, and I have warned organizations not to let their guard down even if they are not a government, defense, or critical infrastructure target, because no sector is off-limits.

Russia is, in fact, waging cyberwar in parallel with the physical invasion of Ukraine. Unfortunately for Russia, it may have underestimated the resilience of Ukrainian cybersecurity, just as it appears to be facing a far more formidable response on the ground, from the nations of the world and from Ukraine itself, than anticipated.

Russian Cyberwarfare

While there has not been a crippling cyberattack in coordination with the invasion of Ukraine, it is not for lack of effort. Russia has used Ukraine as a proving ground for its offensive cyber strategy for years. It has shut down the electric grid in Ukraine and launched NotPetya—an attack that inflicted more than $10 billion in damage around the world—against targets in Ukraine. 

Since early 2021, Russian threat actors have escalated the frequency and intensity of cyberattacks—likely in preparation for the physical invasion. Phishing attacks, website defacements, and malicious wipers have been directed at Ukrainian government, foreign policy, defense, and law enforcement entities, as well as against NATO nations and allies of Ukraine. 

SC Magazine shared details of a recent report that reveals insights into coordination between cyber and kinetic military offensives throughout the Ukraine invasion. “A missile attack on a Kyiv TV tower came a day after the compromise of one Kyiv media company and the same day as widescale destructive attacks on Kyiv media groups. The takeover of the largest nuclear power station in Ukraine came at the same time as lateral movement through the networks of energy companies. Russia breached the government networks of Vinnytsia two days before physically taking the Vinnytsia airport, and a destructive implant was placed on Dnipro government systems the same day as the first rocket strikes against the city.”

Defend Forward

Despite a year or more of preemptive strikes to gather intelligence and establish persistence within Ukraine, and concerted efforts to destroy systems and disrupt infrastructure in support of the invasion, Russia’s cyberwar has had minimal effect. Either Russia’s cyber capabilities are not as sophisticated as its reputation suggests, or defenders in Ukraine are more prepared and more resilient than Russia or the rest of the world believed. Perhaps it’s a little of both. 

That is not a reason to let down your guard, though. Russian threat actors have executed espionage, disinformation, ransomware, and critical infrastructure attacks with devastating success in the past, and we can expect that there will be a continued campaign while the invasion of Ukraine continues. The longer the conflict drags on with no significant victories by Russian military forces, the more desperate they will become.

It’s time to Defend Forward. Continue to follow the Shields Up guidance from CISA and do everything you can to strengthen your security posture. Make sure you have plans and processes ready to respond quickly and effectively if and when a cyberattack occurs that impacts the broader global economy. 

About the Author

Lior Div

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.