Get A Quote
Written by Robert Bond on 16 March 2023

What’s the Future of Cyber Warfare?

As we observe the solemn anniversary of the war on Ukraine, it’s clear that cyberattacks have comprised a significant part of Russia's armory. Cyberattacks against Ukraine surged by 250% in 2022 compared to the previous two years. Russia’s aggressive and multi-pronged cyber warfare strategy involves targeting the Ukrainian government, military entities, critical infrastructure, and the utilities, public services, and media sectors.

Multiple wiper strains – including WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete have been deployed against Ukrainian networks since the start of the war. Meanwhile, phishing attacks aimed at NATO countries spiked by 300% over the same period. Many of these attacks were driven by a Belarusian government-backed gang known as PUSHCHA (aka Ghostwriter or UNC1151,) that's known to be aligned with Russia.


Figure 1: Phishing Campaigns by Government-backed Cybercriminals
Source: Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine (


The effects of the war on the dynamics among Eastern European cybercriminal groups make for an interesting study. Various hacking gangs and ransomware syndicates are taking sides to further their agendas. We’ve also seen a blurring of the lines between financially motivated attackers and state-sponsored actors. For instance, UAC-0098, a threat actor known for delivering the IcedID malware, has been observed repurposing its techniques to target Ukraine through a string of ransomware attacks.

Some members of UAC-0098 are former members of the now-defunct Conti cybercrime gang. TrickBot, which was absorbed into the Conti operation last year before the latter's demise, has now systematically targeted.


Russian Cyber-instruments

The ubiquity of Russian cyberattacks isn’t surprising when we consider recent political efforts to strengthen the country’s intelligence services and bolster their operational agility. These entities include:

  • Federal Security Service (FSB)

FSB is the country’s primary domestic security agency and reports directly to Russia’s President. It oversees internal security and counterintelligence. In recent years, FSB’s remit has been expanded to include foreign intelligence collection and offensive cyber operations. It's believed that FSB augments its staff with criminal and civilian hackers. Cyber analysts have dubbed FSB hackers Berserk Bear, Energetic Bear, Gamaredon, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala. 

  • Foreign Intelligence Service (SVR)

SVR is Russia’s primary civilian foreign intelligence agency tasked with gathering foreign intelligence through human and electronic signals and cyber methods. It uses advanced technical skills to breach networks and maintain access within them. Cyber experts refer to SVR hackers as APT 29, Cozy Bear, and the Dukes.

  • Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)

GRU is Russia’s most significant military intelligence agency. GRU cyber units operate multiple research institutes that focus on developing hacking tools and malware. Cyber analysts refer to these units as APT 28, Fancy Bear, Voodoo Bear, Sandworm, and Tsar Team.

  • Internet Research Agency

The Internet Research Agency is a private group known to support the Russian government. It undertakes pro-Russia online influence and disinformation operations through social media channels and is known to impersonate domestic activists and other individuals as part of these efforts.


Mitigation and Defense Tactics

Despite the scope and sophistication of Russia’s cyber warfare operations, their impact hasn’t been as devastating on Ukraine as was initially expected.

This may be attributed to advances in defense technologies and the cyber-resilience of Ukraine. While the country hasn’t been able to seal its systems from Russian penetration completely, it’s adopted robust remediation and recovery tactics, such as backing up its files in overseas servers. 

Ukraine was well-prepared because it’s been hardening its environment and strengthening its defenses for years. The country had been the target of substantial attacks from Russia well before the war broke out. These include strikes against the power grid in 2015 and 2016 and a 2017 virus aimed at Ukrainian businesses.


The Rise of Cyber Sanctions

While it’s clear that cybercrime will continue to play an integral role in future armed conflicts, the rest of the world is taking steps to disrupt and deter it: 

  • In 2015, the US issued its first cyber sanctions when President Obama’s Executive Order 13694 “authorized the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities that result in enumerated harms that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the US.”
  • In 2020, the European Union also introduced cyber sanctions by targeting six individuals and three entities from Russia, China, and North Korea who were “involved in significant cyber-attacks or attempted cyber-attacks against the EU or its member states.”
  • In February this year, the US sanctioned 22 individuals and 83 entities in Russia and 30 individuals and companies in third-party countries that assisted Russia in evading previous American sanctions. In the same month, the US and UK governments announced joint measures against seven Russian cybercriminals known to be members of the Trickbot malware gang. 

The scope of cyber sanctions and regulations is now broadening to include terrestrial and space networks. On March 2, 2023, the White House released a national cybersecurity strategy, identifying Russian and Chinese hackers as major threats to these infrastructures. In a statement, the White House said, “We face a complex threat environment, with state and non-state actors developing and executing novel campaigns to threaten our interests.”


Conclusion – The Next Frontier

As nations’ powers continue to grow, we’ll likely see more clashes in cyberspace than we have in the past. Diverse systems will be affected, and larger populations and areas will be subjected to more brazen tactics. When it comes to cyber warfare, everyone is vulnerable because there are no ground rules. 

Mitigating the impact of future cyber warfare activities requires collaboration and intelligence sharing between governments, industry bodies, and businesses. Importantly, it will require getting the correct information to the right groups at the right time.

For their part, organizations need to be proactive about minimizing risk and preparing to respond if (or when) the worst happens. This should include the following:

  • Looking for possible vulnerabilities in their cyber supply chains
  • Requiring third-party software vendors to demonstrate that they’re prioritizing cybersecurity
  • Testing their incident response plans — including running scenarios and drills — to ensure their plans are sound and that everyone is clear on what they’re supposed to do in a crisis

Related Posts

Don't Wait.
Get a quote today.

Toll Free 1 866-430-8166Free Quote
Secure Your Organization Today.