How the Ukraine War Has Changed Russia’s Cyberstrategy 

Defensive measures and disarray have hampered Moscow’s abilities, but that could change.

A Ukrainian soldier uses the internet on his smartphone.
A Ukrainian soldier uses the internet on his smartphone.
A Ukrainian soldier uses the internet on his smartphone at a base in the Donetsk region on Feb. 23, amid the Russian invasion of Ukraine. YASUYOSHI CHIBA/AFP via Getty Images

Over the years, Russia has built up one of the world’s most formidable cybercriminal ecosystems, with Russian hacker groups linked to disruptive cyberattacks including takedowns of one of the United States’ most critical oil pipelines and the world’s largest meat producer

Over the years, Russia has built up one of the world’s most formidable cybercriminal ecosystems, with Russian hacker groups linked to disruptive cyberattacks including takedowns of one of the United States’ most critical oil pipelines and the world’s largest meat producer

Now, Russia’s war in Ukraine has thrown that ecosystem into disarray, according to multiple new reports. The yearlong war has led to a splintering of many cybercriminal groups in both countries—and in Russian ally Belarus—along political and ideological lines. Russia’s brain drain of technology professionals as a result of the war has further weakened its capabilities, according to a report released Friday by the cybersecurity firm Recorded Future. 

“Cybercrime … is entering into a new era of volatility as a result of Russia’s war against Ukraine,” the report reads. Google researchers reached a similar conclusion in a separate report this month, finding that “[w]hile ransomware groups continue to be disruptive, the ecosystem itself has been disrupted with some groups declaring political allegiances and prominent operators shutting down.”

Ransomware attacks, in which hackers gain control of an organization’s computer systems and demand large sums of money to return access, were among the biggest concerns when Russia invaded Ukraine a year ago. While there were some isolated ransomware attacks on Ukraine and Poland late last year that Microsoft attributed to Russian military-affiliated hackers, attacks on the scale that hit Colonial Pipeline and meat processor JBS in 2021—resulting in millions of dollars of ransom payments—have largely been absent from the conflict. Ransomware payments declined by double-digit percentages across the board in 2022, according to cybersecurity firms and analysis groups. 

“In general, we’ve seen disruptions to every single commodified form of cybercrime,” said Alexander Leslie, a threat intelligence analyst for Recorded Future’s research arm Insikt Group. “It’s pretty incredible to see the scale at which dark web forums, shops, and marketplaces have been disrupted, not only by the conflict but by political differences, by IT brain drain.”

The drop in ransomware attacks is also reflective of a relative shortfall of Russian cyberattacks more broadly in the context of the war. Fears of large-scale digital disruption to Ukrainian and Western infrastructure have thus far not borne out in the first year of the war (though not for lack of trying—Google said Russia increased targeting of Ukrainian users by 250 percent in 2022, compared with 2020, while targeting of users in NATO countries went up 300 percent). 

Experts say this is not necessarily an indictment of Russia’s cybercapabilities but rather an effective Ukrainian cyberdefense, shored up by Western allies—much as on the ground militarily—and private sector companies including Google, Microsoft, and Amazon. 

That support was “crucial” to keeping Ukraine’s cyberspace relatively unscathed, said Nadiya Kostyuk, a professor at the Georgia Institute of Technology whose research focuses on modern warfare and cyberconflict. “Even though Ukraine has been building its cybercapabilities since at least 2014, they are still inferior to those of Russia,” she said, adding that Microsoft and other firms “played an important role defending Ukraine’s cyberspace and building better resilient networks and systems.”

Russia still has tools at its disposal, however, including so-called hacktivist groups that are nominally independent but are increasingly being co-opted by Russia’s military and government. Some Russian lawmakers have reportedly proposed releasing the country’s cybercriminal groups from legal liability, which would effectively make their connection with the Russian state more overt than it has been in the past. 

“Russia for over a decade has said that attackers in a geopolitical conflict or in a period of crisis targeting a Russophobic or an adversarial nation are just cybercriminals—they’re patriotic independent hackers that have nothing to do with the Russian state whatsoever,” Leslie said. 

“When it comes to Ukraine, at least in 2022, the ability to augment Russia’s cybercapabilities with nonstate actors was very limited. … This move for plausible deniability hasn’t really worked.”

And while large-scale destructive cyberattacks have not played as big a role in the conflict, Kostyuk said the effectiveness of Russia’s other cybercapabilities—particularly espionage—is not yet known. “Throughout the war, the Kremlin used the internet to collect information and intelligence,” she said. “Russia’s invasion in Ukraine demonstrated that cyberconflict is less about being an important virtual combat theater but more about being a separate set of intelligence contests and information operations.”

Governments and private companies that have played a key role in defending Ukraine cannot afford to drop their guard as the conflict drags on into its second year, with Russia having shown the ability to play the long game, said Samantha Lewis, the manager of strategic geopolitics at Recorded Future’s Insikt Group.

“There is always the threat that they’ve been withholding capabilities. I would be shocked if we were to find out that Russia had actually used the best of its best,” she said. 

“I don’t think Putin’s threat calculus has changed, and I think that the [Russian] strategy of continuing this protracted conflict until the West gets bored of supporting [Ukraine is] … more likely. But the concern is that if at some point they just decide they are going to launch those withheld operations, if they do exist, that sort of does keep me up at night.”

Rishi Iyengar is a reporter at Foreign Policy. Twitter: @Iyengarish

Join the Conversation

Commenting on this and other recent articles is just one benefit of a Foreign Policy subscription.

Already a subscriber? .

Join the Conversation

Join the conversation on this and other recent Foreign Policy articles when you subscribe now.

Not your account?

Join the Conversation

Please follow our comment guidelines, stay on topic, and be civil, courteous, and respectful of others’ beliefs.

You are commenting as .

More from Foreign Policy

An illustration shows the Statue of Liberty holding a torch with other hands alongside hers as she lifts the flame, also resembling laurel, into place on the edge of the United Nations laurel logo.
An illustration shows the Statue of Liberty holding a torch with other hands alongside hers as she lifts the flame, also resembling laurel, into place on the edge of the United Nations laurel logo.

A New Multilateralism

How the United States can rejuvenate the global institutions it created.

A view from the cockpit shows backlit control panels and two pilots inside a KC-130J aerial refueler en route from Williamtown to Darwin as the sun sets on the horizon.
A view from the cockpit shows backlit control panels and two pilots inside a KC-130J aerial refueler en route from Williamtown to Darwin as the sun sets on the horizon.

America Prepares for a Pacific War With China It Doesn’t Want

Embedded with U.S. forces in the Pacific, I saw the dilemmas of deterrence firsthand.

Chinese Foreign Minister Wang Yi, seen in a suit and tie and in profile, walks outside the venue at the Belt and Road Forum for International Cooperation. Behind him is a sculptural tree in a larger planter that appears to be leaning away from him.
Chinese Foreign Minister Wang Yi, seen in a suit and tie and in profile, walks outside the venue at the Belt and Road Forum for International Cooperation. Behind him is a sculptural tree in a larger planter that appears to be leaning away from him.

The Endless Frustration of Chinese Diplomacy

Beijing’s representatives are always scared they could be the next to vanish.

Turkey's President Recep Tayyip Erdogan welcomes Crown Prince of Saudi Arabia Mohammed bin Salman during an official ceremony at the Presidential Complex in Ankara, on June 22, 2022.
Turkey's President Recep Tayyip Erdogan welcomes Crown Prince of Saudi Arabia Mohammed bin Salman during an official ceremony at the Presidential Complex in Ankara, on June 22, 2022.

The End of America’s Middle East

The region’s four major countries have all forfeited Washington’s trust.