Policy paper 281

Cyberattacks in Russia’s hybrid war against Ukraine


Executive summary

  • Following the annexation of Crimea and the outbreak of military tensions in the Donbas in 2014, a decade-long cyber confrontation has been ongoing between Russia, Ukraine and the West, with Russian-backed hackers unleashing some of the most destructive cyberattacks in history. There was widespread apprehension that the Russian invasion of Ukraine in February 2022 would lead to a new wave of major cyberattacks. Although cybersecurity has certainly played a key role in the Ukraine war, this has not unfolded in the way many had expected.
  • From an internal perspective, while Russian hackers launched multiple cyber assaults against Ukraine since February, these have mostly consisted in medium to low-scale attacks involving spying, psychological disruption and ‘hybrid warfare’, which combines targeted cyberattacks with kinetic military strikes on the ground. From an external perspective, cyberattacks on Ukraine have resulted in limited spillover into Europe. Instead, Moscow has amplified its cyber espionage and disinformation campaigns against the West, attempting to sow internal disunity.
  • Remarkable cyber resilience on the part of Ukraine has been a decisive factor, with Kyiv learning from past mistakes. Europe and the West have provided extensive support to Ukraine through the transfer of IT equipment, software and the provision of training/expertise. Real-time cyber intervention from European and US cyber agencies, along with private sector assistance, have been crucial. Due to the initial expectation of a short war, Moscow poorly prepared its cyber offensive against Ukraine; crippling Western economic sanctions, together with a brain drain of Russian IT experts, have also played a role. Fear of cyber retaliation from NATO or of major cyberattacks inadvertently leading to direct military confrontation, have led to a ‘cyber-MAD’ or ‘cyber Cold War’ stand-off between Russia and the West, at least for the time being.
  • Yet, the danger of cyber escalation should not be underestimated, especially if Russian military operations on the ground are unsuccessful and the Kremlin deems itself cornered. The risk of misunderstanding is exacerbated by the involvement of a global coalition of hackers led by ‘Anonymous’, which launched a sustained campaign of cyberattacks against Russia. Hence, Europe must not let its guard down and should accelerate cyber assistance to Ukraine through existing tools like ‘Cyber Rapid Response Teams’, and by developing new ones such as civilian cyber operations. The EU also needs to do more to tackle disinformation while reinforcing its policies and legislation on cybersecurity, especially in terms of addressing the issue of weak links stemming from differentiated norms across Member States.