A Year Into Russia's Invasion of Ukraine, We're Still Bracing for a Massive Cyberwar

Russia's assault on Ukraine, entering its second year, has been largely a physical war. Experts are still concerned that can change.

Bree Fowler Senior Writer

Over the past year, the Russian military has wreaked havoc on Ukraine. More than a hundred thousand people have died, and billions of dollars in property has been destroyed. The global political balance has been turned on its head.

But what's surprising is the one thing that has yet to occur: an all-out cyberwar.

There have been cyberattacks against Ukraine, along with attempts to disrupt political activities and launch disinformation campaigns in the countries that have supported Ukraine, but as the conflict rolls into its second year, the cyber Armageddon some experts predicted hasn't materialized.

This runs counter to conventional wisdom and expectations. Before the invasion, cyberattacks in Ukraine that were attributed to Russia had attempted to shut down the country's electrical grid, which would knock out power to hospitals and other critical infrastructure. Malware from prior attacks disabled some systems and inadvertently spilled out to companies far outside Ukraine's borders.

Losing heat and electricity during Ukraine's brutal winters could have deadly consequences. But since the invasion, a full-on assault on the grid hasn't happened, at least not yet. Instead, Russia has focused on more traditional methods of warfare, like missile strikes and troops on the ground. Though tragic and deadly, this game plan has kept the destruction within Ukraine's borders.

The lack of a major attack underscores the fact that even Russia — which has flouted international norms in its brazen assault — must walk a fine line when it comes to digital warfare. Observers say it's possible that both Russia and Ukraine don't want to risk starting a massive global cyberconflict that could more directly draw in bigger players like the US.

Regardless, the threat of an all-out cyberwar and the destruction it could cause still looms.

"If you talk to the absolute top people in the intelligence community, they still say they're a little surprised we haven't seen a vicious attack," Sen. Mark Warner, a Democrat from Virginia, said in an interview with CNET in January at CES.

But Warner, who chairs the Senate Intelligence Committee, said that could easily change as the war enters its second year and the economic and political strain on the Russian government grows.

"I absolutely believe that they have additional cybertools and weapons that they've not used yet," he said.

A history of cyberattacks

Ukraine is no stranger to Russian cyberattacks. Attempts to take down its critical infrastructure, like communications, media and the power grid, go back a while. The conflict between the two countries has been going on for years and included Russia's 2014 annexation of Crimea. 

The fallout from those attacks has sometimes extended beyond Ukraine's borders. For example, the NotPetya attack, attributed to Russia, crippled computers across Ukraine in 2017 before spreading to unintended targets far outside the country. The malware locked up files in a manner similar to ransomware, but its true purpose was to destroy data rather than make money.

As a result of these earlier attacks, expectations were high that an online assault would be a key part of a Russian invasion, said Dick O'Brien, principal research editor for Symantec's threat intelligence team.

"They had proved themselves to be masters of hybrid cyberwarfare," O'Brien said, referring to the unconventional mix of military and nonmilitary threats, ranging from disinformation to economic pressure.

Just before the start of the war, in early 2022, Russia hit dozens of Ukrainian government computer systems with destructive malware. Later attacks knocked government websites offline, and as the invasion started, Russia attacked Ukraine's satellite communications.

Those attacks grabbed headlines, but once the war officially started, Russia's focus largely shifted to the physical destruction wrought by bombs and guns, though cybersecurity researchers say online attacks and disinformation operations continued quietly in the background. 

That could be because Russia just wasn't planning for the long term when the conflict began, said Adam Meyers, senior vice president of intelligence at CrowdStrike. He added that, at least early on, the Russians probably avoided targeting critical infrastructure with cyberattacks because they thought they were going to need to use it soon. 

"The Russians expected a swift victory — that they would drop into Kiev, capture or kill [President Volodymyr] Zelenskyy and put a friendly regime in place," Meyers said. "That did not happen."

Researchers say Russia's cyberattacks against Ukraine have continued but are lower profile and more targeted.

In a report released Feb. 16, researchers for Google said the Ukrainian government is still under a "near-constant digital attack." They pointed to an increase in the use of destructive cyberattacks on Ukrainian government, military and civilian infrastructure. 

They also noted a spike in spear-phishing activity, or attempts to take control of key online accounts by stealing logins and passwords. The phishing has targeted government organizations, think tanks and journalists in NATO countries. It's been accompanied, too, by a rise in other kinds of cyber operations bent on furthering Russia's goals, including a July attempt to "hack and leak" the emails of politicians in the UK.

At the same time, the researchers said, Russia has launched disinformation campaigns both in Ukraine and on a global scale designed to undermine the Ukrainian government, break down international support for Ukraine and bolster Russian support for the war. 

A possible cyber stalemate

The Ukrainians themselves have grown resilient, thanks to past cyberattacks, and both Ukraine and Russia have learned a lot from their history.

Warner, who's served on the intelligence committee since 2011, said he thinks it's possible Russia has been so "freaked out" by the widespread destruction caused by NotPetya that, if it were to go "cyber nuclear" and let something out that goes beyond the targeted network, it would be worried that it might take out its own systems or that the US could respond with some of its own cybertools.

Ukraine's cybertools also shouldn't be underestimated, said Gil Shwed, CEO of Israel-based global cybersecurity company Check Point. 

Shwed said he thinks both countries might be being "a bit careful" when it comes to cyberattacks — Ukraine because it's worried about the possible consequences if it attacks Russia too much.

"And Russia knows that the power they're using is limited, not unlimited," Shwed said, noting that once a cyberweapon is exposed, it can often be used by people and countries other than its original creators.

"Maybe they have good reasons," Shwed said of Russia. "As much as this is horrible, it could be much worse."