Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Russian Cyber Restraint in Ukraine Puzzles Experts

The absence of any crippling Russian cyberattacks against Ukraine is puzzling experts, but they warn that low-level assaults may be coming, including against the West in retaliation for sanctions.

The absence of any crippling Russian cyberattacks against Ukraine is puzzling experts, but they warn that low-level assaults may be coming, including against the West in retaliation for sanctions.

Even before Russian troops poured across the border into Ukraine last month, Western observers had warned of massive attacks on Ukraine’s IT infrastructure, likely launched by Russian government agents or, by proxy, private hackers which give the government plausible deniability.

The entire range of cyberattacks is within Russia’s capabilities, from blocking banking systems, shutting down power grids and cutting the water supply, to sabotaging communication networks.

Hackers close to the government have in the past targeted corporate IT structures, government websites, planted ransomware and plundered sensitive data as part of espionage efforts, experts say. But in the war against Ukraine, the order for all out cyber-war does not appear to have been given or, if it was, has not translated into much success.

– ‘You don’t burn it down’ –

The most likely explanation is that Russia had been hoping for a quick victory without needing to resort to sophisticated and hugely damaging cyberattacks that require long preparation, according to Jason Blessing, a cybersecurity expert at the American Enterprise Institute (AEI).

“Strategic context is critical for unpacking the use of cyber operations,” he said.

[ Read: Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar ]

Advertisement. Scroll to continue reading.

“If your plan is to instal a puppet government, the last thing you want to do is obliterate Ukraine’s communications networks and other critical infrastructure.”

But President Vladimir Putin’s presumed plan to take Kyiv quickly and set up a Moscow-friendly regime was thwarted by a combination of Ukrainian resistance and the Russian army’s structural weaknesses.

Despite early setbacks, experts say Russia still sees political control of Ukraine as its ultimate aim and does not want to destroy more of the target country than needed to achieve that objective.

“When you think you’re going to take over the house, you don’t burn it down,” said Jim Lewis, who directs the Strategic Technologies programme at the Center for Strategic and International Studies, a think tank.

“This may change now that things are going so badly but the original reason is they thought it would be a quick victory and they wanted to maintain an intelligence advantage” by tapping into Ukrainian communications, he told AFP.

– ‘Know them intimately’ –

If Russia does decide to go after Ukraine’s networks, it will be helped by the fact that they are mostly Russian-made.

“They know them intimately and that gives them stupendous abilities to hack,” Lewis said.

Meanwhile the West is also bracing for possible Russian cyber-reprisals for sanctions, with experts agreeing however that Moscow would keep those limited so they do not come under the definition of acts of war.

“Russia will certainly punish us for what it believes we’ve done,” said David Stupples, a military intelligence specialist at City University London.

He said this would remain at the “nuisance” level rather than “taking down services” which could be considered as an act of war, Stupples said.

“But that nuisance level will be very high indeed,” he said. Last week, private cybersecurity company Mandiant said there could be cyber actions against western targets to find out what governments are planning against Moscow.

“Mandiant anticipates that Russian action against the financial sector outside of the conflict zone will include cyber espionage to gather information about implementation of Western and international sanctions,” it said.

To that end, Russian intelligence services “almost certainly have the ability to coopt criminals residing within Russia”, it said.

Government agencies, financial companies, energy utilities, service companies as well as transport and logistics faced increase risk of hacking, it said.

But Russia is sure to tread carefully, as any major cyber attack could trigger a response by NATO which, under article 5 of its treaty, considers an attack on any member as an attack on all of them.

Meanwhile Western governments are deploying their own cyber arsenal, some of it in direct aid to Ukraine, with the US dispatched soldiers of the US Cyber Command to eastern Europe, said Alexis Rapin, an expert in multi-dimensional conflict at the University of Quebec.

“From what we understand they are spying on hackers working for Russian intelligence so they can warn the Ukraines of any cyberattacks being prepared,” he said.

RelatedRussia, Ukraine and the Danger of a Global Cyberwar

RelatedRussia vs Ukraine – The War in Cyberspace

RelatedTalking Global Cyberwar With Kaspersky Lab’s Anton Shingarev

 

RelatedTalking UK Cyberwar With Sir David Omand

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.