It is unlikely that Moscow’s resolve will be weakened by repeated failures of Russian cyberattacks and disinformation campaigns to cause lasting harm during the Kremlin’s ongoing war against Ukraine. Instead, Moscow may be emboldened to launch new, riskier operations against a wider range of targets.
The assessment comes from a number of U.S. government agencies as Russia’s invasion of Ukraine enters its second year, and as Ukraine and its Western backers get ready for Moscow to launch new cyber assaults aimed at altering the course of the conflict on the ground.
The weight of this conflict is still quite heavy, according to a U.S. Cyber Command spokesperson who went on the record on the condition of anonymity given the nature of the ongoing conflict. “We predict their online behavior may grow more daring and focus on broader targets.”
The National Security Agency officials have come to identical findings.
The NSA and Cyber Command both spoke on the condition of anonymity. “If the conflict continues to go poorly for Russia, there is some chance that Russia will be increasingly brazen in its cyberattacks on civilian infrastructure, as we have already seen with their kinetic activity,” the NSA spokesperson said. Russia’s cyberattacks won’t be restricted to Ukraine, most certainly.
UNPREPARED RUSSIAN CYBER FORCES
Such judgments are made more difficult by the fact that Russia’s ambitions for an immediate overthrow of Kyiv’s administration were dashed, leaving its military planners fighting a conflict for which they were unprepared.
By the end of last year, Pentagon cyber officers had issued warnings that the Kremlin’s failure to foresee a protracted conflict with Ukraine was not just a concern on the battlefield, but also in cyberspace and the information environment.
As a result, when Russia’s first cyberattack on Ukraine fell short of becoming decisive, the Kremlin’s cyber forces were left without many options and continued to underperform.
UNCHANGING TACTICS
Russia, according to both CYBERCOM and the NSA, has instead adhered to its usual cyber playbook in the hopes that perseverance will pay off, despite what they both characterize as strategic and operational failure.
Estonian intelligence warns that Moscow has not only been looking to have an immediate impact in cyberspace.
According to the research, Russia frequently employs cyberattacks in a similar way to its armed forces, “wearing out Ukraine’s cyber defenses” in the aim of eventually identifying a weak point to exploit.
Estonian intelligence officers also observed increased targeting of nations backing Ukraine, including Estonia, Latvia, Lithuania, and Poland, through influence operations and cyberattacks.
Other cybersecurity firms have also detected a change.
CONCENTRATE ON UKRAINIAN ALLIES
According to a report released this month by Check Point Research (CPR), weekly cyberattacks on Ukraine have decreased by 44% since September 2022, while assaults against important NATO nations have risen.
According to CPR, the Russian invasion of Ukraine was associated with a 57% rise in cyberattacks against Estonia. The number of these cyberattacks increased by 31% in Poland and Denmark, compared to an increase of 11% in Britain and a 6% increase in the United States.
The majority of the attacks, according to CPR, used malware, but influence operations and disinformation were also becoming increasingly important.
RENEWED EFFORTS
In a report released on Tuesday, the cybersecurity company Proofpoint warned that a Russian-aligned threat actor going by the aliases TA499, Vovan, and Lexus has been expanding a campaign to spread unfavorable stories about “those who have spoken out against Russian President Vladimir Putin and in the last year, opposed Russia’s invasion of Ukraine” using emails and video calls.
Targets can be high-profile members of the government in North America or Europe, CEOs of illustrious corporations, or even celebrities. This is frequently done by impersonating Ukrainian government representatives or even Alexei Navalny, the leader of the Russian opposition.
Both U.S. CYBERCOM and the NSA stated that they continue to collaborate with a variety of partners to identify Russian activity against Ukraine as well as against allies and to share information that can prevent cyberattacks from happening in the first place or at the very least enable a prompt response.