In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. The Ukrainian power grid was disrupted by Russian hackers in 2015. Russia introduced the NotPetya malware into Ukrainian financial software in 2017, causing widespread damage and disruption that cost businesses around the world billions of dollars. In the months that followed the NotPetya attacks, many people speculated that Ukraine served as a sort of “testing ground” for Russia’s cyberwar capabilities and that those capabilities were only growing in their sophistication and reach.
As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components—the United States Department of Homeland Security even issued a warning to businesses to be on high alert for Russian cyberattacks, as did the U.K.’s National Cyber Security Centre. What is surprising is that—so far, at least—the devastating Russian cyberattacks everyone has been expecting have yet to materialize. There’s no guarantee, of course, that a large-scale cyberattack on Ukraine’s electrical grid or global banks or anything else isn’t just around the corner. Russia is not afraid to attack critical infrastructure and cause collateral damage through cyberattacks. This has been proven repeatedly.
However, as Russia continues its invasion, there seem to be fewer signs of a sophisticated cyber conflict. It is becoming less probable that Russia holds significant cyber capabilities in reserve, to be used if necessary. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. Many of the recent cyberattacks against Ukraine were relatively simple distributed denial-of-service attacks, in which hackers flood Ukrainian government servers and websites with so much traffic that they are unable to respond to legitimate users. Denial-of-service attacks can be effective for short-term disruptions but they’re hardly a new or impressive cyber capability—in fact, they’re what Russia used to target Estonia more than a decade ago in 2007. These types of attacks are not difficult to launch and require no technical expertise or the discovery of new vulnerabilities. Their impact is also relatively limited, confined to specific computers. According to recent reports, Belarusian hackers have attempted to phish European officials through compromised accounts that belonged to members of the Ukrainian armed forces. These attacks, however, are not carried out directly by Russian military hackers.
Worse, Russia has also used wiper malware to erase data from Ukrainian government agencies. Microsoft has also reported that it detected Russian wiper programs in the last week and passed this information on to the U.S. government and other countries worried about Russian cyberattacks. NotPetya was itself a type of wiper malware that can delete large amounts of data, which is why the Russian wiper programs drew alerts when they were discovered. But unlike NotPetya, the wiper programs that have been the focus of the latest wave of alerts—including the FoxBlade program identified by Microsoft—have shown little ability to spread quickly via common, difficult-to-patch vulnerabilities like the EternalBlue vulnerability in Microsoft Windows that NotPetya exploited back in 2017.
It’s likely that the combined efforts of Microsoft, the U.S., and many other countries and companies to ramp up cyber defenses both in and outside of Ukraine have helped curb the damage caused by these attacks. But these lines of defense would not be enough to stop significant disruption and damage if Russia had access to sophisticated malware and previously undiscovered vulnerabilities. Updating critical infrastructure networks and systems is slow, expensive, complicated work and it’s impossible that every potential target has been hardened to the point where it is no longer vulnerable to Russian cyberattacks—unless those cyberattacks were never all that impressive to begin with.
Many of the theories about why Russia may have abstained from more severe cyberattacks are becoming increasingly unlikely as the conflict continues. For instance, one explanation for why Russia left Ukrainian electricity distribution and communication networks intact was that Putin wanted the rest of the world to see Russia’s swift, decisive victory in Ukraine via a steady stream of images and videos that might have been hampered by such an attack. It is becoming increasingly obvious that Russia will not be able to eliminate this infrastructure quickly and decisively. The Russian attack on the TV tower in Kyiv supports this view. Russia is not, however, trying to disable media and communications more easily and less violently through cyber capabilities.
Given Russia’s past willingness to deploy cyberattacks with far-reaching, devastating consequences, it would be a mistake to count out their cyber capabilities just because they have so far proven unimpressive. And it’s all but impossible to prove the absence of cyber weapons in a nation’s arsenal. But the longer the conflict goes on without any signs of sophisticated cyber sabotage, the more plausible it becomes that the once formidable Russian hackers are no longer playing a central role in the country’s military operations—whether because they no longer have the resources they once did to purchase and develop tools for computer intrusion and exploitation, or because the government can no longer attract and retain technical talent, or simply because Russia has decided that cyberattacks, for all the damage they can do, are not an effective means of achieving its larger goals in Ukraine.
Of course, even if Russia has no particularly sophisticated cyber weapons to fall back on right now, that doesn’t mean they won’t go on to develop some new ones in the future. But the current lack of any significant cyber conflict is an important reminder of how little we actually know about any country’s cyber capabilities. Many of our beliefs about which countries have the most impressive hacking tools, and about Russia’s cyber dominance, are based on incidents several years in the past—and an awful lot can change in just a few years.