Russia's yearlong cyber focus on Ukraine
The last year of Russian cyber aggression has never prompted the all-out cyber war many feared, calling into question how cyber tools will realistically be used in future wars.
The big picture: A year into the invasion, Russia's most aggressive cyberattacks have stayed inside Ukraine — rarely taking a highly anticipated turn toward Western allies.
- When the war began, government officials and security experts warned of possible electric grid takedowns and another unintentional global malware attack similar to the 2017 NotPetya incident that affected businesses in more than 60 countries.
Instead, Russia's cyber aggression has been a "mixed bag," Ciaran Martin, managing director at Paladin Capital Group, told Axios.
- Russian government-backed hackers targeted people in Ukraine more than they targeted people in any other country last year, according to a Google report released last week.
- Russia launched disinformation campaigns, conducted espionage, and targeted organizations with lower-level phishing emails and malware wipers throughout the year, experts told Axios.
- But "for all its murderous thuggery in Ukraine, Russia has not, to my knowledge, taken overly aggressive steps against the West," said Martin, who is also the former CEO of the U.K.'s National Cyber Security Centre.
Why it matters: The war in Ukraine is the first physical war that's involved a top-tier cyber adversary, setting a template for what cyber's role in future wars could look like.
- The war has shown that most military cyber operations aren't similar to firing a shell from an artillery piece, said Daniel Thanos, head of Arctic Wolf Labs.
- More sophisticated attacks take years to plan, and lower-level techniques work better as psychological warfare against the people of Ukraine, John Hultquist, head of threat intelligence at Google-owned firm Mandiant, told Axios.
Between the lines: Experts have several theories for why Russia hasn't pursued the global attack most people predicted.
- Russia knows that launching destructive attacks against Western countries would invite more sanctions and military strikes from the West that it lacks the resources to fend off, Martin said.
- Russian military and intelligence officials have hyperfocused on their operations inside Ukraine, leaving little time to plan attacks on the West, Emily Harding, deputy director and senior fellow at the Center for Strategic and International Studies, told Axios.
- Russian officials could be struggling to break through Western cyber defenses and plan bigger attacks, making them eager to pursue smaller attacks that require fewer resources, Hultquist said.
Yes, but: Russia has still targeted the West through low-level distributed denial-of-service website disruptions and cyber espionage, Hultquist said.
- Russian hacktivist group Killnet has become notorious for overloading Western organizations' websites with bot traffic.
- In terms of cyber espionage, "there's just more now than there's ever been," Hultquist said.
The intrigue: Ukraine has put up a strong fight against Russian aggression, experts said.
- Ukraine's sophisticated cyber defense — which was bolstered by support from Western governments and large technology companies — could have prevented Russia from being able to take resources away from targeting the country.
- For instance, in April, the Ukrainian government said it had thwarted a Russian attempt to damage its electric grid.
Threat level: Russian forces turning their attention to Western organizations is still a real possibility.
- Russian officials could decide to launch more destructive cyberattacks against NATO organizations if they get frustrated with the continued support from the military alliance, said Harding, a former top Senate Intelligence Committee aide.
The bottom line: U.S. and European organizations still need to remain vigilant against Russian threats — even if Russian cyberattacks, so far, haven't had much impact outside of Ukraine.
Sign up for Axios’ cybersecurity newsletter Codebook here.