If there’s one thing we have learned in this months-long run of the Ukraine-Russia war, it is that Russian troops are not only demoralized but have fallen short of expectations. Moreover, many of the factors behind their losses can be attributed to poor military leadership, compared with the highly streamlined directives Ukraine’s troops receive from their generals.

Nonetheless, Russia continues to attack Ukrainians in more ways than the battle on the borders. One way it is doing that is through cyber warfare.

Russia has been using highly sophisticated cyber-attacks to achieve its strategic objectives in Ukraine. According to reports, the Russia-affiliated hacker group “Sandworm” has conducted multiple successful hacking campaigns targeting Ukrainian government institutions, military networks, and critical infrastructure such as the electricity grid. For example, in April 2016, Sandworm deployed a powerful malware dubbed “Industroyer2” to attack Ukraine’s power grid, resulting in an extended blackout across a large area of the country.

“Sandworm, which Microsoft calls Iridium, is an arm of the Russian military intelligence unit known as the GRU, according to the U.S. government. It shut off power in parts of Ukraine in 2015. In 2017, it unleashed the NotPetya malware in a global attack that did an estimated $10 billion worth of damage. And this fall, Sandworm’s ransomware known as ‘Prestige’ targeted transportation and related logistics industries.”

“The Prestige campaign may highlight a measured shift in IRIDIUM’s destructive attack calculus, signaling increased risk to organizations directly supplying or transporting humanitarian or military assistance to Ukraine,” according to a Microsoft Threat Intelligence Center (MSTIC) blog post. “More broadly, it may represent an increased risk to organizations in Eastern Europe that may be considered by the Russian state to be providing support relating to the war.”

Russian cyber-attacks have also been used to sabotage essential military communications systems in Ukraine. Malicious software called “Viasat” was used to compromise and delete data from hundreds of Ukrainian machines. This program was believed to be part of an effort by Russian forces to disrupt communications within the Ukrainian Armed Forces before their invasion of Crimea. Additionally, according to research published by the International Institute for Strategic Studies (IISS), Russia has employed various types of malware and exploits against Ukrainian military systems throughout the conflict.

Moreover, cyber espionage has become an integral part of Russia’s strategy towards its neighbor. Instead of relying solely on physical operations or intelligence gathering to gain information about its opponents, Russia uses advanced cyber tools for infiltration and surveillance. According to research conducted by security firm FireEye Inc., Russian hackers have targeted more than 200 organizations in the US, Ukraine and other countries with spear-phishing emails containing malicious links or attachments designed to steal sensitive information from victims’ networks.

Russian forces have also employed cyber-attacks to disrupt everyday life and create chaos among noncombatants living near the battlefields in eastern Ukraine. For example, Sandworm was linked with a series of distributed denial-of-service (DDoS) attacks in 2014 and 2015 against sites belonging to banks or media outlets that supported the Ukrainian government’s stance on the conflict. Additionally, pro-Russian hackers were found responsible for numerous other cyber incidents, such as website defacement operations aimed at intimidating users who were interacting with content related to Ukraine’s ongoing war with Russian separatists.