Russia’s Cyber Warfare: How They’re Doing It, and What It Means for Businesses


Businesses all over the world are increasingly worried about cyber attacks. Russia has been particularly aggressive in its cyber warfare, targeting Ukraine in several attacks. It is believed that they were behind the infamous NotPetya attack in 2017, which caused billions of dollars in damage worldwide. They have also been linked to several more minor attacks, such as the one on the Ukrainian energy grid in 2015. Hackers tagged with the Sandworm alias are usually thought to operate for a military intelligence agency in Russia.

Cyber warfare by Russia entails various offensive actions, such as denial of service attacks, hacker acts, dissemination of information, propaganda, and state-sanctioned teams to spread political propaganda in crypto-blogs. SORM software is also employed for internet surveillance. Cyber warfare activities frequently persecute cyber-dissidents and others who oppose the government. According to Russian investigative journalist Andrei Soldatov, some of these activities were organised by the Russian signals intelligence agency, a part of the FSB and formerly a part of the 16th KGB department.

A 2017 report by the Defence Intelligence Agency explains that Russia’s view regarding this is “strategically decisive and critically important to control its domestic populace and influence adversary states,” categorising “Informational Countermeasures” into two groups of “Informational-Technical” and “Informational-Psychological.” Within Russia, network operations on defence, attack, and exploitation are connected with efforts to change people’s behaviour or beliefs in favour of governmental goals.

How They're Doing It

In March 2014, the earliest public mention of the Snake, the Russian cyber weapon also called “Ouroboros,” indicated that it had been used to breach Ukrainian government systems in 2010. The Snake toolset had spread progressively as said by CNE and highly intelligent CNAs. According to CrowdStrike, the APT Fancy Bear group heavily distributed an Android malware app from 2014 to 2016 designed to control the targeting data for the Ukrainian Army’s D-30 Howitzer artillery. The Ukrainian software was developed by military personnel and published on various military forums. The X-Agent spyware in the app caught the attention of the Ukrainian armed forces.

CrowdStrike applauded the success of its attack, with 80% of the D-30 Howitzers destroyed. This was the highest percentage of any artillery piece with the destruction of the wealthiest artillery manufacturer (a statistic that had not been reported before and suggested that the total Loads of the Ukrainian A.F. artillery piece had been considerably decreased). According to the Ukrainian military’s report, this line was misstated. The losses in artillery weapons “were much below those reported,” and those losses are not related to the cited cause.

The U.S. government examined the impact of a computer virus on a power grid in Ukraine that affected more than 200,000 individuals in December 2015. Based on the research, the U.S. government assessed that the Russian hacking group Sandworm was likely guided by Moscow in the virus attack. The cyber attack on the website of Ukraine’s Ministry of Foreign Affairs and other government bodies in January 2022 may be linked to the Russo-Ukraine conflict.

In March 2022, Russian troops entered eastern Ukraine, giving rise to tensions between Ukraine and Russia, during which a series of cyber attacks took down several prominent Ukrainian government and business websites. U.S. officials attributed the attacks to Russian actors, while the Russian government denied involvement. Launching a series of cyber attacks in quick succession, pro-Russia hackers tried to manipulate the May 2014 Ukrainian presidential election results by directing hacked emails to media and press conferences, altering online voting tallies, and flooding polling stations with DDoS attacks.

Malware that had a graphic showcasing far-right contender Dmytro Yarosh as the victor of the upcoming Ukrainian presidential elections was taken off the Central Election Committee’s server just an hour before a scheduled poll closure. Channel One Russia “reported Mr. Yarosh’s victory and investment, turning to the election commission’s website as authentic, although the website had not appeared there”. It was claimed that the fabricated results were overseen using a targeted audience intended to feed the narrative concerning Russian nationalism that the Ukrainians had claimed from the outset, that ultra-nationalists and Nazis were primarily responsible for the Revolution.

In April 2015, CNN reported, “Russian hacks have led to ‘severe damage to U.S. government systems,’” and were described as “one of the most sophisticated attacks ever launched on U.S. government computers.” It was stated that the FBI, the Secret Service, and other U.S. intelligence agencies believed the attacks to be “amongst the most sophisticated ever seen.” CNN reported that Russian hackers, working on behalf of the Russian government, were suspected in the State Department email hack. Federal police, intelligence, and congressional officials briefed on the investigation said the cyber attack on the State Department email system was “the worst ever” incident of cyber intrusion against federal agencies.

In February 2016, Andrey Krutskikh, a senior Russian official in charge of cyber policy and a top advisor to the Kremlin, gave a speech at Moscow’s annual Russian national security conference. He announced that Russia was developing an experimental system to expand its information capabilities and destroy the American advantage in this area. This would essentially allow Russia to confront the United States as an equal in the age of computer technology.

From January through June 2020, APT29, or Cozy Bear, an organisation working for Russia’s Federal Security Service, breached several governments and cyber security firms in the United States, including the Treasury Department, Department of Commerce, Department of Energy, and National Nuclear Security Administration. The intrusion occurred through several computer systems called Orion. The SolarWinds network management system triggered the cybersecurity breaches. The government held a meeting on December 12, 2020, and news about the incident was disclosed the following day.

Russian intelligence services sometimes exploit these hacks for “so-called traditional espionage purposes” for “stealing information” that could help the Kremlin understand the people and governments of Russia. This might not be to leak secrets to the public.

What it Means for Businesses

All of this cyber activity from Russia can severely impact businesses. As mentioned before, the ransomware attack that originated from Russia caused a lot of damage to businesses around the globe. In addition, phishing attacks can lead to the loss of essential data or the installation of malware on a business’s computer systems. Fake news can also cause a lot of confusion and chaos, leading to lost productivity.

Costs: The costs of cyber attacks can be very high for businesses. Aside from the direct costs of the attack, such as paying a ransom, indirect costs can add to the total expenses. These can include lost productivity, damage to reputation, and legal fees.

Get Your Priorities Straight: As a business owner, it’s essential to prioritise your company’s cyber security. This means taking steps to protect your computer systems and data from attacks, and it also means being aware of the potential threats out there. You should have a plan in place for how to deal with a cyber attack if one does occur.

Businesses Should Presume they Will Be Breached: Security matters need sustained work, and while compliance is still essential, it’s insufficient to deter evolving threats. So, ensure your security team is held accountable for this duty.

Complacency will likely hinder selecting the most appropriate countermeasures at your organisation, making cyber terrorists more innovative and more effective and increasing their odds of success in the meantime. Making efforts to strengthen your defences in the face of assaults that aim at your most essential priorities will keep you at the cutting edge of technology.

Your work values and priorities determine the resilience needed in your line of work. For example, if you rely on a particular system that must be available at all times, have you tested failover procedures and established backups?

Have A Strategic Communications Plan: In the event of a breach, it’s crucial to have a plan to communicate with your employees, customers, and the media. This plan should include who will be responsible for communicating information about the attack and what type of information will be shared.

Adopting these steps will help protect your company against cyber attacks. However, it’s important to remember that no security measure is perfect and there is always some risk involved. Cyber attacks are becoming more prevalent and more powerful, so it’s crucial to remain updated on the latest security threats and take steps to safeguard your business.

Russia has been conducting cyber warfare for many years, and its tactics are constantly evolving. They are particularly adept at using social media and other online tools to spread disinformation and discord. Businesses need to be aware of these tactics and take steps to protect themselves against Russian cyber-attacks.

Russia has demonstrated that it is a formidable force in cyber space. As the country’s military capabilities continue to grow, businesses should take steps to protect themselves from potential attacks. An essential first step for companies is to identify the data and systems that are most critical to their operations. Once they know what they need to protect, they can take steps to protect their business. They should also be aware of the potential threats and determine what resources they will need in case of an attack. Finally, companies should make sure they have a plan for communicating with customers, employees, and the media if there is a cyber attack.
