After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent — cyberwarfare among them.
Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyberattacks launched by Russia in the conflict so far have been relatively minimal though, and far less damaging than they could have been.
While Ukrainian government websites were the target of distributed denial of service (DDoS) attacks shortly before the invasion, for example, a larger attack, possibly knocking out Ukraine’s power grid or other key infrastructure, hasn’t taken place.
“I think the biggest surprise to date has been the lack of success for Russia with cyber attacks against Ukraine,” Stephen Wertheim, a senior fellow in the American statecraft program at the Carnegie Endowment for International Peace, told Vox. “This has not been a major part of the conflict.”
That’s particularly odd since the threat of cyberwarfare by Russian entities was already a major concern for the West, even before the recent escalation of the Russia-Ukraine conflict. It was widely established that Russia may have significant cyberwarfare capabilities following successive cyberattacks it launched against Ukraine after Russia’s 2014 annexation of Crimea.
Notably, a pair of attacks in 2015 and 2016 took out power in parts of Ukraine, albeit at a relatively small scale. Since then, according to a Politico story from February, the United States and allies have attempted to bolster Ukraine’s power grid, but “nobody thinks it will be enough.”
In 2017, Kremlin-linked hackers launched a different kind of a cyberattack in Ukraine: a ransomware program known as NotPetya, which encrypted any data it reached, leaving the data’s unsuspecting owner locked out from accessing their own files. Victims were told to pay a ransom of $300 in bitcoin if they wanted access to their data returned. But the ransomware attack spread beyond Ukraine’s borders, infecting computer networks of companies around the world. According to a former US official, the attack resulted in more than $10 billion in total loss in damages, and the NotPetya attack is now regarded as one of the worst cyberattacks in modern history.
The US has not been safe from such cyberattacks, either. In 2021, for example, a group of Russia-based cybercriminals hacked into the IT network of Colonial Pipeline, a major oil pipeline system that carries gasoline and jet fuel to the southeastern US. The company was forced to pay a ransom of $5 million in exchange for the extracted files.
Despite the apparent vulnerabilities in Ukrainian and Western cyberdefenses, though, more sweeping cyberattacks haven’t to date been a part of Russia’s war in Ukraine.
Why hasn’t Russia launched major cyberattacks yet?
The lack of full-scale Russian cyberattacks is a phenomenon that has surprised some experts, including Wertheim.
“On some level,” he said, “the reason Russia launched a full-scale war against Ukraine is precisely that it didn’t think cyber means were sufficient. But one might have expected the war itself to have involved more cyber operations.”
It’s difficult to know exactly what is behind Russia’s behavior, but experts have speculated about a number of potential reasons why Russia has hesitated to launch any stronger attacks. Some have theorized that Russia’s cyberwarfare capabilities may have been inflated, which is why it has not thus far launched a more sophisticated cyberattack against Ukraine or its Western allies.
However, a more likely reason may be that Russia is still weighing its options carefully, and is simply waiting for the right time to respond.
“It could be that Russia fears retaliation that would set its cause back, at least at this point,” said Wertheim, noting the relative lack of progress by Russia’s armed forces so far. “Perhaps over time, if and when Russian leaders believe that the situation is stabilized then Russia would be better able to absorb retaliation, it could launch a cyberattack then. It’s possible.”
Given the setbacks that Russia has encountered on the battlefield, combined with the notable resistance by Ukrainian forces that have held steady against Russia’s attacks for the last three weeks, it may also be a matter of Russia prioritizing its military actions, according to Wertheim.
“There might just simply be a kind of finite attention problem operating for [Russia],” he said.
According to Olena Lennon, an adjunct professor of political science and national security at the University of New Haven, setbacks for Russia include the loss of junior, and even some higher-level, commanders among its military personnel, which may be affecting its operations on the ground.
“We’re definitely seeing some leadership deficiencies that could explain some of these surprises,” Lennon said.
The US could also be a target of Russian cyberattacks
US authorities were already wary of a possible cyberattack from Russian hackers as a potential response to US support for Ukraine. That concern has only increased following major sanctions imposed on Russia by Western powers, as well as escalating rhetoric from Russian President Vladimir Putin.
Putin described the sanctions as “akin to declaring war,” and Russian government officials have warned there will be swift action from Russia in response. US officials warned public and private entities of potential ransomware attacks after President Joe Biden announced initial sanctions against Russia late last month.
“DHS has been engaging in an outreach campaign to ensure that public and private sector partners are aware of evolving cybersecurity risks and taking steps to increase their cybersecurity preparedness,” a DHS spokesperson said in a statement to the press.
But the strong response against sanctions that Russian officials have warned of has yet to materialize in the weeks since. Although it’s certainly possible that Russia will react to US sanctions at some future point, the absence of action so far is notable, according to Wertheim.
“It’s very hard to sort of assign exact probabilities to these kinds of things,” Wertheim said. “But it’s notable that there hasn’t been a response. And I think it remains a real possibility that even if the West does nothing more to escalate in a conflict that Russia could do so by undertaking what it believes is retaliation.”
That could be particularly likely as the impact of already-imposed sanctions continues to mount. Sanctions have had an enormous effect on day-to-day life inside the country: The value of the ruble, Russia’s official currency, has plummeted to less than 1 cent, and Russian citizens have already seen price surges, particularly for electronic goods and appliances. The early price hike has motivated many residents to stock up on items in case prices continue to rise as the conflict rages on.
“For the past few days, it’s been like Christmas for us,” one electronics-shop staffer told the Financial Times. “People are ready to buy things even [though] we have been raising prices every few hours based on the forex situation.”
With heavy economic sanctions already in place, Wertheim says there are potential risks to pushing Putin further into a corner, which in itself could motivate Russia to take more drastic measures — including, potentially, cyberattacks — as the war continues.
“What I most worry about is a circumstance in which Vladimir Putin thinks that his regime may be teetering and that he has to do something dramatic to change the status quo in order to maintain his grip on power,” Wertheim said. “And, thus, perhaps his own personal survival.”
Correction, March 20, 9 am: A previous version of this story misstated the year of the Colonial Pipeline hack. It was 2021.