“Russia’s Cyber Threat to Ukraine Is Vast—and Underestimated”
WIRED, February 24, 2022
By Justin Sherman
“The Kremlin’s web of nonstate hackers can wreak just as much havoc as Putin’s government.”
Vladimir Putin launched an illegal, aggressive attack on Ukraine last night that has already killed dozens of soldiers and sent panic rippling through the world. Russian forces are air-striking cities all over Ukraine, with countless civilians in the firing line, as people flee the capital in Kyiv. Cyberattacks have also begun to amplify the chaos and destruction: Wiper attacks hit a Ukrainian bank and the systems of Ukrainian government contractors in Latvia and Lithuania; Ukrainian government websites were knocked offline; and the Kyiv Post website has been under constant assault since Russia attacked.
While the exact culprits of these cyberattacks aren’t yet known, much of the public discussion about cyber threats has focused on Russia’s military and intelligence services: from stories of military cyberattacks to coverage of Ukrainian preparations against them. The same has been replicated on the government side, with White House press briefings and other sessions dominated by discussion of Russian government agencies’ cyber capabilities. Yet the Putin regime has a far more expansive web of nonstate actors, from cybercriminals to front organizations to patriotic hackers, that it can leverage, and has leveraged, to its advantage. Not acknowledging these threats ignores an enormous part of the damage Russia can inflict on Ukraine.
Without a doubt, the Russian state has sophisticated cyber capabilities with a track record of havoc. The SVR, Russia’s foreign intelligence service, has been linked to a number of espionage and data-pilfering campaigns, from the widespread SolarWinds breach in 2020 (whose victims ranged from government agencies to major corporations) to stealing information from Covid-19 vaccine developers. For years, Russia’s military intelligence service, the GRU, has launched destructive cyberattacks, from the NotPetya ransomware that likely cost billions globally, to shutting off power grids in Ukraine, to, just last week, launching a distributed denial of service attack against Ukrainian banks and Ukraine’s defense ministry.
Moscow, however, can also unleash an even more expansive, complex, and often opaque web of proxies whose actors are happy to hack and attack on behalf of the regime. The Kremlin’s involvement with these groups varies and may fluctuate over time; it may finance, endorse, ignore, recruit, or use these actors on an ad hoc basis. Part of the reason Moscow protects or turns a blind eye to cybercriminals is economic—cybercrime brings in a lot of money—but it’s also so the state can sway those actors to do its dirty bidding.
About the Author:
Justin Sherman is a contributor at WIRED, focused on technology and geopolitics. He has written for The Washington Post, The Atlantic, and many other outlets.