When Russian President Vladimir Putin launched an all-out, illegal war on Ukraine in late February, many analysts and other observers expected to see a cyber Armageddon take place as part of the conflict. Given Moscow’s penchant for disruptive cyber operations, such as attacks by Russian military hackers that shut down Ukrainian power grids in 2015 and 2016, it seemed natural that the Kremlin would try to take out electrical stations, internet systems and other critical infrastructure. And when those expectations did not materialize, the initial surprise quickly turned into declarations that Ukraine had won the “cyber war.”
But it’s still possible that Moscow will turn up the dial on its cyber operations. A Ukrainian government assessment from last week said as much, warning that Kyiv is preparing for increased attacks on Ukraine’s critical infrastructure as winter nears. Placing too much stock in speculation about Russia’s cyber operations to date distracts from this present risk.
Moreover, the notion that Moscow has not used cyber operations during the war in Ukraine is inaccurate. Before the actual invasion, the Russian military launched distributed denial of service—or DDoS—attacks against Ukrainian banks and government websites to knock them offline, as well as wiper attacks to destroy data from computer systems in the country and other attacks on sensitive information infrastructure. This pattern is consistent with previous uses of Russian cyber operations to shape the battlespace as well as the information environment around it, as with Russian DDoS attacks on Georgian websites during the 2008 Russo-Georgian War. During the ongoing war in Ukraine, Russian government hackers have also targeted Ukrtelecom, one of Ukraine’s biggest telecommunications providers, disrupted the operations of U.S. satellite company Viasat and targeted other communications organizations and government agencies, among other attacks.