Russia is investing a lot of money in its cybernetic systems and agency networks
Ukraine has found itself on the frontline of Russia’s growing cyber strategy over the past decade. Other states in the region must now learn from Kyiv’s experiences in order to develop an effective response to such actions.
The Russian Federation is investing heavily in state-controlled cyber groups. These systematically carry out industrial espionage and intelligence activities using various methods. For example, the Kremlin has interfered in elections and referendums, stolen and leaked compromising information, and disabled banking systems. Ukraine has become a testing ground for many of these tactics over the past ten years. Despite this, the activities of such groups in other regional states prompted us to write about Moscow’s actions. Overall, the Kremlin appears ready to move to a new stage of provocations in Eastern Europe in order to counter NATO’s military infrastructure. What will these actions look like in the future and how can Ukraine’s experience help its neighbours in Europe?
While some of these pro-Moscow groups have engaged in “petty hooliganism” online, others have pursued targeted espionage. This second group naturally has more human and financial resources. They not only go after military and political targets but also industrial groups in order to close gaps in development. These tactics were developed in the USSR even before the Cold War. Beyond these two groups exists an “elite” section of Russian cyber troops, who aim to significantly influence the situation in other countries over a long period. They have the means to bypass expensive defence systems, target objects of strategic importance and disable banking systems. Recent reports have also discussed the danger that Russia’s hackers pose to transoceanic cables. Any action, however, will likely be blamed on “stateless” groups whose links to the Kremlin can be easily denied.
So, would the United States be this elite group’s first victim before a hypothetical invasion of Ukraine?
Yes, this is most likely the case. Any attack would likely occur in Germany and more precisely Washington’s various military bases in the country. Other countries that are home to critical US infrastructure would also be prime targets. However, the United States would find ways to quickly solve any problems caused by an attack and move on to help repel (or prevent) the invasion of Ukraine. The Russians are subsequently looking to place the United States in a state of temporary paralysis. This could be achieved by targeting the country’s main energy and banking systems. Moscow could also attack the security of key airports in order to cause chaos in the air. These actions may for some time (from several hours to several days) prevent Washington from reacting to any Russian operations in Ukraine. Any such action by the Russians is likely to dramatically and unequivocally change public opinion in America. Attitudes regarding Moscow will be even less ambiguous than during the Cold War following any attack. Of course, no US administration will be able to ignore such actions. Washington would launch countermeasures, including asymmetric responses.
How real is this threat today if Russia is capable of properly carrying out such operations? Discussion surrounding these issues often remains based on conjecture, as Moscow concluded that it must be more cautious after interfering in the 2016 election campaign. The United States needs to be more vigilant regarding countermeasures and take action to stay ahead. Until approaches to cyber-security are changed, the side under attack will most likely lose in any scenario. The US should subsequently not be afraid to use hybrid methods against the Russians. Now would be the right time for such actions, as they would encourage Moscow to withdraw troops from the border areas near Ukraine. Simply increasing funding or strengthening cyber-security systems will not save government agencies from a planned attack by other state-funded bodies. One possible solution could involve the creation of a dedicated “cyber rescue service”, which would be able to withstand real-time attacks. Of course, the maintenance of such a network will require much more money than any “elite group” of specialists. However, we think that it would currently be more effective to use these more “traditional” asymmetric measures when faced with enemy attacks.
A wave of cyber-attacks has recently swept Ukraine. Apart from Russia, could anyone else theoretically be behind these strikes? At present, colossal resources are not needed to commit crimes of this magnitude. However, they are unlikely to happen without state cover. First, the group must be experienced and use many online addresses and forms of communication. Such groups are often created arbitrarily in order to access valuable information and demand funds for its return. Individuals within these groups are often recruited by Russia’s law enforcement bodies as “talented people”, who work for these organisations in return for an amnesty on their previous work. Secondly, professional equipment is needed to erase any trace of the operation and mask its real location. Finally, vast resources are needed to carry out initial scans to find vulnerabilities in targeted networks. Such groups will often be scattered across different places, sometimes in areas where it is difficult to determine location.
So, in theory, any regional leader could put in place a network that could gather information and subsequently intimidate opponents. Russia and China are the leaders in this field but they are not the only actors. The UNC1151 cyber group in Belarus has been involved in many pro-government operations. However, it is difficult to call Belarus an independent or influential state in the region.
As a result, what was the purpose of this aforementioned attack on Ukraine and what can we expect to happen next?
This is not the first time that Ukraine has encountered such actions. For example, back in 2017 the country suffered from the WannaCry virus that also disrupted banking systems, airports and hospitals in many other countries. This year also saw the NotPetya virus affect government agencies in Ukraine and around the world. In 2020, the United States accused the hacking group Sandworm of this attack. This organisation is made up of members of the General Staff of the Russian Federation and has also attempted to break into the network of the US National Security Agency. In spite of the seriousness of these actions, Sandworm is still overshadowed by the decades-old APT29 group (The Dukes, Cozy Bear, Grizzly Steppe, etc.). This group has operated from the heart of Moscow for a long time and has carried out attacks in many regions of the world.
Overall, it appears that there are four distinct though interconnected structures responsible for cyber espionage within the Russian security system. These are the Federal Protective Service (FSO), the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the Russian Central Intelligence Agency. The FSO has a dedicated subdivision called Spetsvyaz, which is home to the specialist 16th (cyber intelligence) and 18th (foreign operations) centres. There is currently no special department in the SVR. The aforementioned APT29 group was established by and operates together with the FSB. The GRU has its own specialist 6th Directorate and group called APT28 (Sofacy, Fancy Bear).
This body recently interfered with the internal network of Poland and stole information about the state of some parts of the Polish armed forces. It is known that more than 1.7 million items related to military equipment were stolen (information ranged from anti-tank missiles to fighter jets and military locations in the country). From this documentation, it was possible to understand
various technical issues and difficulties that exist within the country’s military. The Polish defence ministry later said that the information did not pose a threat to national security but this is only one known source of information. Russian intelligence regularly recruits agents in many countries as part of its attempts to obtain data of strategic importance.
Intimidation tactics in Ukraine in relation to reports of mines are not new. It is difficult to forget the periodic raids that affected office buildings, schools, universities and many other institutions. The large-scale nature of these actions leaves us with no doubt that they are the work of dedicated intelligence groups. In order to implement such actions, it is necessary to appropriate equipment that will cover the operation’s tracks. A dedicated operator is also needed to monitor the response of law enforcement. The main goal of these attacks is to instil fear in a respective population regarding their security. As a result, the principles of this work have not changed since the middle of the last century. Other goals include the creation of viral (self-propagating) content or news that will increase unrest in a society that is already vulnerable to manipulation. After such an operation is completed, another is often being prepared in another region.
In practice, these groups are usually located in border areas or those that do not have a generally accepted legal status. Examples include the temporarily occupied territories of the Donetsk and Luhansk regions. Technically, it is easier and safer to organise attacks from these areas because they are out of reach of the Ukrainian armed forces. Kyiv fully believes that Russian specialists are constantly testing the perceptions and reactions of both Ukraine’s authorities and citizens in relation to cyber-attacks. In addition, the public information field is currently swarming with information and propaganda related to a potential invasion. The promotion of statements made by incompetent government officials further sows panic and makes future attacks more effective. Such offensive actions may also include the sabotage or “capture” of strategically important facilities. However, it must be stated that such testing can last for years and be quickly defeated by civil societies that refuse to be provoked by the Kremlin’s intelligence groups.
The Russian state has formed many effective intelligence networks through its special services and has often used them to specifically target Ukraine. It is now only a matter of time before the actions of these specialists also deal a serious blow to Kyiv’s western allies. Hackers can strike at critical infrastructure and deprive military headquarters and command posts of the ability to respond quickly to ongoing events. In addition, the Russians continue to gather information on the real readiness of the Polish, Baltic and American armed forces. It is clear that Russia is preparing to strike another blow against the West. This could involve spreading doubt about the United States’ commitment to its allies in Eastern Europe. Moscow may also assist Iran with its nuclear programme or fund various non-state movements to push its own interests. The Kremlin’s tactics of intimidation against its neighbours have led to panic among investors in Ukraine. It is likely that similar measures will be taken against Vilnius, Riga and Tallinn. Poland will also feel the pressure when it comes to its weak points in defence. Specialists from across the region must now look to Ukraine’s experiences in order to develop an effective response to the various activities of the Russian special services.
Mykola Volkivskyi is a Lane Kirkland scholar and founder of both the Foundation of Development of Ukraine in Poland and the Institute of Government Relations in Kyiv. His areas of interest include international politics, diplomacy and European studies.
Yuri Vanetik is an attorney, investor, trustee of the University of California, Hastings, and Lincoln Fellow at the Claremont Institute. He was appointed by former California Governor Schwarzenegger to positions such as Criminal Justice Commissioner, California Lottery Commissioner and Economic Strategy Commission.
Artem Oliinyk is a political scientist, head of the International Association for Political Science Students in Ukraine and research assistant at the Academy of Political Sciences. His areas of interest include political science, international relations and integration processes.
Dear Readers - New Eastern Europe is a not-for-profit publication that has been publishing online and in print since 2011. Our mission is to shape the debate, enhance understanding, and further the dialogue surrounding issues facing the states that were once a part of the Soviet Union or under its influence. But we can only achieve this mission with the support of our donors. If you appreciate our work please consider making a donation.