Russia Set to Ramp Up Attacks on Ukraine’s Allies This Winter

Written by

Russia is set to ramp up cyber campaigns targeting Ukraine’s allies as kinetic warfare slows this winter, according to a report by Cyjax.

Researchers noted that Russia’s missile production is struggling to keep pace with its tactical, operational and strategic usage, due to factors including economic sanctions and a shortage of workers.

As a result, cyber warfare will need to play a key role in preventing Ukraine from meeting the conditions necessary to overcome positional warfare.

The report observed that overall, Russian cyber-attacks have been far less effective at impacting critical national infrastructure (CNI) in Ukraine than initially believed. While many key supporting networks have been taken down, they did not stay offline for sufficient time, the report noted.

Ian Thornton-Trump, CISO at Cyjax, told Infosecurity that Ukraine’s cyber resilience has broadly remained steadfast throughout the conflict.

“Ukraine has continued to improve its resilience by reducing what it’s actually putting out on the internet,” he noted, “Ukraine has spent a lot of time, with the support of NATO, to help them in that cyber mission.”

How Will Russia’s Cyber Tactics Evolve This Winter?

In the 2022/2023 winter, Russia increased the number of cyber-attacks against Ukraine’s allies, which Cyjax believes reflected the Kremlin’s failures on the battlefield in 2022 alongside its inability to stop Western material from reaching Ukraine.

As we head into winter 2023/2024, the Russia-Ukraine kinetic conflict has moved into a more stagnant phase. Russia is determined to prevent Ukraine from regaining the offensive and a key factor in this strategy is to hinder the supply of arms and other equipment from the West.

The use of wiper malware to target CNI outside of Ukraine could be one tactic deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.

“It is likely cyber defenses outside of Ukraine have remained comparatively weak as they have not been so heavily targeted in comparison to those of Ukraine,” added the report.

Disinformation campaigns targeting among Ukraine’s allies are also likely to increase as public support for the financial and military assistance to Ukraine wanes. This is especially important given the vast number of national elections planned next year, such as in the US Presidential and Federal Elections.

“Making the populace very unhappy with the current government they have, because the more division you can create in the population, the more misinformation can be fed into that and it becomes a feedback loop,” commented Thornton-Trump.

He set out three key goals of targeting Ukraine’s allies through cyber campaigns:

  1. Embarrass enemy governments
  2. Make life difficult for their citizens
  3. Intervene and be divisive in politics

Co-ordinating Cyber Activity with Iran and North Korea

Russia is currently struggling to produce novel and effective malware due to a growing shortage of cyber professionals in the country, the Cyjax report noted.

Thornton-Trump said: “You had a lot of IT workers, and workers in general of fighting age leaving Russia by any sort of mechanism they can.”

He added that many others with IT skills have already been recruited into the military and sent to the frontline.

Therefore, as Russia turns to Iran and North Korea for the supply of military weapons, Thornton-Trump expects greater collaboration between these nations in cyber-warfare also.

This could be beneficial in advancing each of their respective foreign policy agendas.

Mitigating Russian Threats in the West

Thornton-Trump set out a range of additional measures that governments and organizations can use to reduce the impact of attacks from Russia this Winter and beyond:

  • Reduce the attack surface by minimizing what is stored on the internet
  • Move faster in sharing threat actor intentions and vulnerability warnings cross borders
  • Encourage governments to step in to fix vulnerabilities when an imminent threat is detected 

Image credit: Seneline /

What’s hot on Infosecurity Magazine?