The ongoing conflict in Ukraine has raised many red flags for the U.S. As the timescale for Russia’s campaign grows longer and longer, concerns have arisen over the increase in cyber attacks on Ukraine’s technological infrastructure. While Russia has yet to be held responsible for recent incidents, there is an unmistakable correlation between Russian military intervention and the timing of the cyber attacks. Now that the U.S. has placed economic sanctions on Russia, experts worry that Russian hackers may retaliate to disrupt the U.S. economy. Based on analysis of recent cyber security breaches, it seems that, despite their nominal role in the ongoing Ukraine conflict, Russian hackers still pose a significant threat to the U.S.
Cyber Warfare and Hybrid Warfare
Since cyber warfare is a broad and rather ambiguous subject, it must be defined. Cyber warfare is understood to mean “a set of actions by a nation or organization to attack countries or institutions’ computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks” (What is, n.d.). Computer viruses include any “type of malicious software, or malware, that spreads between computers and causes damage to data and software” (What are, n.d.). On the other hand, a denial-of-service attack (DoS) “floods a server with internet traffic to prevent users from accessing connected online services and sites” (Distributed, n.d.). DoS attacks can be used to completely shut down a targeted site or render the site defenseless against further attacks (Types, n.d.). While cyber warfare may not be limited to the use of viruses and DoS attacks, the scope of the following discussion will be limited to these two kinds of cyber offensives.
When nation-states engage in cyber warfare, there are generally two main goals for the attacking country. The first goal is strategic, using cyber attacks to weaken an opponent’s morale or render them unable to counterattack. The second focuses on decreasing the effectiveness of opposing military forces by targeting military leaders, soldiers, and weapons. Russia has incorporated both of these goals into its aggressive foreign policy and has developed a strategy of hybrid warfare. “Hybrid warfare is a collection of tactics designed to circumvent deterrence and avoid military retaliation by skirting the threshold of what could be considered state use of armed force” (Lewis, 2015). Said tactics can include political disruption, covert operations, and cyber warfare. While hybrid warfare can lead to the physical destruction common in conventional warfare, it is most effective at dealing psychological damage to an opponent’s morale, thanks to its destabilizing nature. Due to their ambiguous status under international law, cyber attacks are an especially useful tool in conducting hybrid warfare. Under Articles 2(4) and 51 of the UN Charter, cyber warfare cannot be considered a use of force or an act of self-defense. Although various international conferences have been held on this topic, the language of these two articles has remained the same. Thus, Russia sees cyber warfare’s exclusion as tacitly legitimizing its own cyber wars (Lewis, 2015).
Ukraine as a Consistent Target
This is not the first time that Russia has conducted cyber warfare in Ukraine. In 2014, the Russian military launched three major cyber attacks in an attempt to disrupt Ukraine’s presidential elections. On May 22, Russian hackers breached the electronic voting system and deleted files important to finalizing election results. Furthermore, on March 25, election day, malware was found on software used by Ukraine’s Central Election Commission. Had the malware not been removed, government computers would have displayed fraudulent results in support of a right-wing extremist. The last incident occurred on March 6 when DoS attacks blocked the release of genuine election results by targeting systems involved in the counting process. All three of these attacks were attributed to CyberBerkut, a Russia-affiliated hacking organization. Additionally, the first successful cyber disruption of a national power sector occurred in 2015 when Russia’s Sandworm Team infiltrated and shut down three private electrical companies, downing the power supply in Ukraine’s Ivano-Frankivsk region for hours. The attack left about 230,000 citizens without power, effectively cut telephone communications, and downed 16 subway stations servicing the area. A succeeding attack in 2016 caused an hour-long blackout in Kyiv when an electrical substation was infected with malware developed by Electrum, a suspected Sandworm Team associate. The next year, on July 27, Russia unleashed the NotPetya virus, which permanently encrypted hard drives on computers owned by various public and private agencies. These included but were not limited to banking institutions, utility companies, and government websites. The malware was easily transmitted through a downloadable tax program and was so volatile that it spread internationally, even affecting U.S. healthcare systems. Thus, the NotPetya incident is known as the “most devastating cyberattack in history” (Ukraine, 2022).
This recent upward trend in Russian cyber aggression reveals that Russia was actively trying to incorporate cyber attacks into its hybrid warfare strategy in Ukraine.
While political tensions between Russia and Ukraine have run high since 2014, Russia also seems to have been using Ukraine to beta test cyber warfare tactics. Ukraine is a tempting target because it utilizes Western technology but lacks a mature cyber security system that can defend against foreign intruders. Thus, Russia may not be the only country that is experimenting with cyber warfare in Ukraine (Madnick, 2022). According to Microsoft’s Digital Defense Report, Ukraine accounted for 19 percent of all documented cyber attacks from July 2020 to June 2021, second only to the U.S., which stood at 46 percent. The report estimated that over 1,200 Microsoft customers in Ukraine were affected by the increase in Russian cyber activity “heavily targeting Ukrainian government interests involved in rallying support against a build-up of Russian troops along Ukraine’s border” (Microsoft, 2021). Lastly, the report notes that more than half of all global cyber attacks originated from Russia over the same span of time (Microsoft, 2021).
Hybrid Warfare in War Time?
Despite Russia’s well-documented record of cyber intervention in Ukraine, there has been surprisingly little increase in cyber attacks since Russia declared war. On February 23, 2022, the Ukraine Ministry of Foreign Affairs, Ministry of Internal Affairs, Cabinet of Ministers, and the Security Service of Ukraine were assaulted by DoS attacks that took said agencies offline for about two hours (Wisniewski, 2022). That same day, a new type of “wiper” malware dubbed WhisperGate infected various government agencies, humanitarian programs, and tech companies. Wiper malware takes the form of ransomware but is designed to completely disable a computer’s operating system. The next day, more wiper software was discovered “that can delete or corrupt data on a targeted computer or network” (Ukraine, 2022). Nicknamed “HermeticWiper,” this malware had been identified in Latvia and Lithuania, showing that it had spread from Ukraine to surrounding countries. Meanwhile, DoS attacks continued to widen their effect, compromising banking, news, and military websites. While there was some misinformation spread through various news agencies, fake social media and email accounts, and SMS spam messages, the effectiveness of these attacks remains unknown. Although many types of malware have been discovered and disseminated through phishing scams, none of Russia’s war-related cyber attacks come close to the scale or effectiveness of NotPetya. Even shutting down the Ukrainian power grid twice caused more disruption than what Russian cyber warfare is currently inflicting (Ukraine, 2022).
Had Russia fully committed to fighting Ukraine on all fronts, one would expect to see a dramatic increase in Russian cyber operations. Nevertheless, Russia has maintained its more cautious hybrid warfare strategy rather than declaring an all-out cyber war against Ukraine. Cyber security experts have a couple of explanations for this counterintuitive behavior. First, Moscow restricted the military leadership involved in planning the Ukraine offensive to a select few. Thus, it is possible that Russia’s cyber branch was completely unaware of the war at the outset. Additionally, “successful cyber operations require careful planning, targeting and development, often taking months if not years” (Krebs, 2022). The disjointed nature of Russia’s wartime cyber attacks indicates that Russian hacking groups were unprepared for a widespread assault on Ukrainian infrastructure. Second, Russia would benefit from keeping the Ukrainian internet online, because the Kremlin would then have easy access to information from both its frontline forces and the Ukrainian public. Coordinating Russian forces and spreading disinformation becomes less burdensome if Moscow can commandeer preexisting Ukrainian networks. However, the current state of the war and the relatively few successes of Russia’s disinformation campaign seem to nullify these strategic benefits. Cyber warfare is simply not a major factor in the Russian war for Ukraine (Krebs, 2022).
The Current Danger
As Russia continues to lose ground despite the use of conventional military tactics, many are concerned that it will ramp up its cyber operations against the West, especially in response to U.S. sanctions. There is no doubt that said sanctions have taken a toll on Russia’s economy in the form of “factory closures, job losses, a doubling of interest rates, and a decline of the ruble—all of which have been further exacerbated by rising inflation” (Kim, 2022). These losses were severe enough for Putin to admit that “[Russia’s] economy will need deep structural changes in these new realities, and I won’t hide this—they won’t be easy; they will lead to a temporary rise in inflation and unemployment” (Kim, 2022). While further sanctions will worsen conditions in Russia, they may also provoke Russia to engage in retaliatory cyber attacks that will exacerbate America’s own financial distress. Part of why Russia has not declared cyber warfare on the U.S. is its substantial dependence on the U.S. economy. Hurting U.S. businesses also hurts Russian investors and consumers (Healey, 2022). However, if Putin sees sanctions as a big enough threat, he may unleash a wave of Russian cyber attacks to compel the U.S. government to change its stance on Russian trade (Krebs, 2022).
In conclusion, the U.S. should expect to see some sort of hybrid warfare against its economic infrastructure. Russia has already shown that it is capable of causing mass international disruption through its NotPetya malware attack, and U.S. businesses should employ proper precautions against similar attacks, especially in the financial sector. In 1994, Citibank was hacked by a Russian actor who got away with stealing millions of dollars. This incident exposed the vulnerability of U.S. electronic banking systems and caused Citibank to develop their Information Sharing and Analysis Center where banks across the nation could compare financial data and stop potential threats. The compromising of Citibank sparked a trend of tightening cyber security that must continue in order to thwart further Russian cyber attacks (Healey, 2022).
Distributed denial of service attacks: Meaning and prevention. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/ddos-attack
Healey, J. (2022, March). What’s the role of cyber warfare in Russia’s war with Ukraine? Science Friday [Audio podcast]. https://www.sciencefriday.com/segments/cyber-warfare-russia-ukraine/
Lewis, J. A. (2015). ‘Compelling opponents to our will’: The role of cyber warfare in Ukraine. NATO Cooperative Cyber Defense Center of Excellence. https://www.usna.edu/CyberDept/_files/documents/CyberWarinPerspective_Lewis_04.pdf
Kim, A. B. (2022, March). Sanctions on Putin’s Russia: An initial assessment. The Heritage Foundation. https://www.heritage.org/international-economies/commentary/sanctions-putins-russia-initial-assessment
Krebs, C. (2022, March). The cyber warfare predicted in Ukraine may be yet to come. Financial Times. https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca
Madnick, S. (2022, March). What Russia’s ongoing cyberattacks in Ukraine suggest about the future of cyber warfare. Harvard Business Review. https://hbr.org/2022/03/what-russias-ongoing-cyberattacks-in-ukraine-suggest-about-the-future-of-cyber-warfare?ab=hero-main-text
Microsoft digital defense report. (2021, October). Microsoft. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi#page=47
Types of cyber attacks. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks
Ukraine: Timeline of cyberattacks on critical infrastructure and civilian objects. (2022, March). CyberPeace Institute. https://cyberpeaceinstitute.org/ukraine-timeline-of-cyberattacks
What are computer viruses? (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/computer-virus
What is cyber warfare? (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/cyber-warfare
Wisniewski, C. (2022, March). Russia-Ukraine war: related cyberattack developments. Sophos News. https://news.sophos.com/en-us/2022/03/21/russia-ukraine-war-related-cyberattack-developments/