INDOPACOM Cyber Marines with Marine Corps Forces Cyberspace Command respond to an incident at the cyber operations center, obtained via INDOPACOM

On January 25th, 2023, Ukraine suffered a cyber attack against its critical infrastructure and key government organizations – the latest in a decades-long string of cyber aggression that American and European governments blame on Russia.

Russia, however, denies responsibility for this attack and previous attacks, even as a preponderance of evidence suggests that Russian government-backed cyber groups are behind them. Despite this activity, Russian cyber attacks have been unsuccessful in causing significant disruption or damage to Ukrainian critical infrastructure since Russia’s invasion of Ukraine. This is due to the United States’ involvement, private sector support, and Russia showing its hand too early.

Background of Russian Cyber Attacks and Operations

Russian cyber groups have targeted a wide range of critical infrastructure in Ukraine and NATO member countries. They have targeted banks, government websites, electricity grids, airports, and railways. Still, the ineffectiveness of cyber attacks thus far in the war has led many to question the efficacy of Russian cyber operations.

Perpetrators range from Russian military and intelligence hacker groups to criminal organizations that are loosely sponsored by the Russian government. Notable criminal organizations like Sandworm and Fancy Bear have garnered attention from Western countries because they have a reputation for highly impactful cyber attacks that target NATO member countries. Additionally, there are groups called “hacktivists,” which are not affiliated with the Russian government but are hacking patriots who possess limited resources and little technical expertise.

In 2015 and 2016, Ukraine suffered from Russian government-backed cyber attacks that rendered its power grids inoperable for extended periods of time, as shown in the image below. The 2015 hack affected nearly a quarter of a million Ukrainian citizens for six hours. The 2016 hack lasted an hour and resulted in the loss of one-fifth of power consumption in the Ukrainian capital, Kyiv. These cyber attacks demonstrated the devastating consequences that are caused by Russian cyber campaigns.

Shortly before its full-scale invasion, Russia launched a number of cyber attacks against Ukraine: an attack on the Kyiv Post’s communication systems and attacks against government websites, border control stations, TV channels, financial and energy online services, and even satellite networks. These massive coordinated cyber attacks had an enormous impact on Ukrainian critical infrastructure. These Russian cyber “fires,” which are considered attacks that cause destructive or disruptive impacts on critical infrastructure, demonstrated the effectiveness of Russia’s cyber capabilities. However, since the initial invasion, Russian cyber attacks have had negligible impact on Ukrainian infrastructure.

Why isn’t Russia as Successful Post-Invasion?

Research regarding Russia’s cyber fires indicates that they do not play a distinct role because the cyber attacks target the same systems as kinetic firepower, which is the physical damage caused by the Russian military’s conventional forces. Although cyber fires may be more cost-effective, they have not performed any niche role in the conflict against Ukraine. Furthermore, it seems that Russian hacking groups’ objective has shifted from causing cyber fires with a noticeable impact on critical infrastructure to gaining access to sensitive information.

General Paul Nakasone, the head of U.S. Cyber Command, confirmed that the United States is engaging in offensive and defensive cyber operations in support of Ukraine. U.S. Cyber Command has sent operators from its “hunt forward” team, and the Federal Bureau of Investigation (FBI) has sent its cybersecurity experts to strengthen cyber defenses in Europe and Ukraine. The United States, with its advanced cyber capabilities, is a strong ally of Ukraine and thus is likely determined to deter any threats against Ukrainian critical infrastructure to thwart Russia’s attempts to cause destructive or disruptive effects.

Most notably, Ukraine withstood a cyber attack targeting one of its largest energy companies, which could have caused a blackout for over two million Ukrainian citizens. Sandworm, a Russian foreign military intelligence hacker group, was believed to be responsible. Still, the Western cybersecurity companies ESET and Microsoft helped remediate the attack and neutralize the malicious code. Therefore, Ukraine has placed a greater emphasis on cybersecurity for its critical infrastructure.

Additionally, Russia showed its hand too early by launching all of its cyber attacks during the initial invasion, which has since stalled. The “Cyber Kill Chain” must be considered, which often requires months of reconnaissance and planning to determine the specific goal and methods to exploit the intended target. Russian President Vladimir Putin believed he could invade Ukraine in a few days with the Russian military’s destructive capabilities and cyber attacks discouraging the public and the Ukrainian government from defending the country. However, Russia’s war continues to drag on longer than President Putin expected, which has impacted Russia’s ability to conduct cyber fires that have destructive and disruptive impacts on Ukraine.

The United States continues to aid Ukraine not only with technical expertise but also by helping identify the hackers who are conducting these attacks. The United States Department of Justice attributes cybercrime and attacks against the United States and Ukraine to these Russian hackers. Once these individuals are publicly named, Russian hackers cannot rely on anonymity to protect their identity. These announcements would deter Russian hackers from actively engaging in cyber activities because their identities could be publicly revealed. Additionally, the Russian hackers will be exiled from every country that allies itself with the United States. These consequences are intended to dissuade Russian hackers from continuing to engage in cyber operations against the West.

What is Next?

With the conspicuous absence of cyber attacks and recent records of unsuccessful cyber campaigns launched against Ukrainian critical infrastructure, some speculate that Russian hackers are waiting for the right opportunity and timing to launch large-scale cyber attacks. 

At the same time, the United States leadership has warned the public that Russian hackers may attempt to target the United States and its allies because they continue to aid Ukraine in its defense. U.S. President Joe Biden warned Western companies to harden their cyber defenses given the increased threat from Russia. Biden pointed to cyber attacks as a tool that Russian President Vladimir Putin “hasn’t used…yet, but it’s part of his playbook.”

The Russian hacker groups are likely attempting to gain entry to Ukraine’s critical infrastructure systems and networks. However, with the United States providing technical assistance, identifying these vulnerabilities is becoming increasingly difficult.


The views expressed in this article are those of the author and do not represent those of any previous or current employers, the editorial body of SIPR, the Freeman Spogli Institute, or Stanford University.

Stanford International Policy Review
