Why Russia Hasn’t Launched Major Cyber Attacks Since the Invasion of Ukraine

By Josephine Wolff, Associate Professor of Cybersecurity Policy at The Fletcher School at Tufts University

In the relatively short and rapidly evolving history of cyber conflict, perhaps nothing has been established with greater certainty and more widely accepted than the idea that Russia has significant cyber capabilities and isn’t afraid to use them—especially on Ukraine. In 2015, Russian government hackers breached the Ukrainian power grid, leading to widespread outages. In 2017, Russia deployed the notorious NotPetya malware via Ukrainian accounting software and the virus quickly spread across the globe costing businesses billions of dollars in damage and disruption. In the months that followed the NotPetya attacks, many people speculated that Ukraine served as a sort of “testing ground” for Russia’s cyberwar capabilities and that those capabilities were only growing in their sophistication and reach.

As tensions escalated between Russia and Ukraine, many people were expecting the conflict to have significant cyber components—the United States Department of Homeland Security even issued a warning to businesses to be on high alert for Russian cyberattacks, as did the U.K.’s National Cyber Security Centre. What is surprising is that—so far, at least—the devastating Russian cyberattacks everyone has been expecting have yet to materialize. There’s no guarantee, of course, that a large-scale cyberattack on Ukraine’s electrical grid or global banks or anything else isn’t just around the corner. Russia has proven time and again that it has few compunctions about targeting critical infrastructure and causing considerable collateral damage through acts of cyber aggression.

But as the invasion continues with few signs of any sophisticated cyber conflict, it seems less and less likely that Russia has significant cyber capabilities in reserve, ready to deploy if needed. Instead, it begins to look like Russia’s much vaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that cause less widespread damage and are considerably easier to contain and defend against. For instance, many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks, in which hackers bombard Ukrainian government websites and servers with so much online traffic that those servers cannot respond to legitimate users and are forced offline for some period of time. Denial-of-service attacks can be effective for short-term disruptions but they’re hardly a new or impressive cyber capability—in fact, they’re what Russia used to target Estonia more than a decade ago in 2007. Moreover, launching these types of attacks requires no sophisticated technical capabilities or discovery of new vulnerabilities, and they typically have fairly contained impacts on the specific, targeted computers. Similarly, recent reports that Belarusian hackers are trying to phish European officials using compromised accounts belonging to Ukrainian armed services members suggests that not only are these efforts relying on fairly basic tactics like phishing emails, they are not even being carried out by Russian military hackers directly.

This piece was re-published from Time.

Leave a Reply