Why We Haven’t Seen Debilitating Cyberwar in Ukraine

Experts discuss the apparent lack of highly visible cyberattacks by Russian state hackers during the Ukraine invasion.
Image: Anastasia Vlasova / Stringer
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

For years, Russian state hackers have used Ukraine as a training ground, testing out methods to shut off sections of the country’s electricity with hacking tools or letting potent malware run amok. Suspected Russian hackers also deployed wiping malware at the start of the recent conflict, and hackers targeted internet company Viasat and knocked out some communications. But hacking has taken something of a backseat, or at least has not been as ruthless as some might expect as the war enters its 23rd day.


Russia’s invasion of Ukraine seems like a good reason for it to use every offensive cyber capability it has, so why does it seem that so far hacking has not played a more obvious role in the war?

One key reason is that, despite all the attention that cyber attacks get during times of relative peace, kinetic weapons such as the missiles that Russian troops are firing onto civilian areas are a higher priority once conventional war breaks out.

Victor Zhora, the deputy chief of Ukraine's State Service of Special Communications and Information Protection, recently gave three potential reasons for why Russian hacking hasn’t been worse during the invasion. One was that Russian hackers are not nimble enough to compromise Ukrainian targets during the invasion; a second was that stealthy cyberattacks aren’t that useful when compared to the damage that Russian troops are doing with missiles and bombs; and thirdly that Russian hackers are too busy protecting their own digital infrastructure.

Thomas Rid, professor of strategic studies at Johns Hopkins School of Advanced International Studies, told Motherboard that the first and third options are not really credible. Instead, he said he leans towards a “version” of the second point.


“But this isn't about ‘stealthy’ computer network exploitation. Proper computer network attacks are very rarely "stealthy," because their goal is to mess with targets,” he said in an online chat. “Such digital covert action, of course, is usually designed to be deniable, and very rarely do governments take credit for such operations. But the key point is probably this: digital sabotage is effective also for psychological reasons, think of the extraordinary press coverage previous cyber operations targeting Ukraine have received.”

Do you know about any other hacks around the Ukraine invasion? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

In 2015, Russian hackers managed to turn off the lights in a section of Ukraine. The following year, they did much the same. NotPetya, one of if not the largest cyberattack ever, started with the poisoning of a software update from a Ukrainian accounting company. As Rid said, all of these, rightly so, received massive media coverage.


But at the moment, the psychological aspect of cyberattacks is likely outweighed by that of missiles dropping onto residential blocks in Ukraine.

“An ongoing, brutal war with such powerful images is changing the psychological environment for digital sabotage, crowding it out of the news cycle—one more reason why hacking is probably less attractive right now,” Rid added. He pointed to how the hack of Viasat has not broken through the news cycle at this point.

“Under normal circumstances it would be one of the biggest infosec stories of the year, if not bigger,” Rid said. At the moment, it is more of a footnote to the ongoing, physical war.

John Hultquist, VP of Intelligence Analysis at cybersecurity firm Mandiant largely echoed those points.

“Russia has other tools to disrupt Ukrainian infrastructure, like kinetic weapons, and may not need to lean on cyber in their campaign. Cyber capabilities are great tools before war starts because they are reversible and nonviolent, but in open conflict when restraint is no longer an issue, they may no longer be appropriate. Also, the psychological effects of cyber capabilities may be blunted in the mortally dangerous situation Ukrainians find themselves in,” he said in an emailed statement. “We are likely to see more cyberattacks as this war continues, but Russia may find they are better used outside of the conflict zone, where their particular advantages are more appropriate.”

And, of course, weapons can provide more reliable operational results than any sort of cyber-focused alternative.

“Conventional munitions are more reliable than cyberattacks. They disable infrastructure more reliably than cyberattacks, and once hit, the target is disabled in a way that keeps it disabled for an extended period of time,” Matt Tait, a cybersecurity expert, told Motherboard in an online chat.

“Cyber attacks will probably retain their specific tactical effects throughout the war, but it is also less likely we will learn about such successful technical sabotage while the shells and missiles are still exploding,” Rid added.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.