Vladimir Putin’s war in Ukraine has not gone to plan. As sanctions sink their teeth deeper into the Russian economy, and battlefield losses continue to pile up, the Russian leader has found himself with yet another headache, one that just months ago would have seemed absurd.
Since the invasion began on February 24, Russia has become the target of a seemingly unrelenting cascade of cyberattacks. While the Russian state and its citizens are no strangers to cybercrime and espionage, the sharp rise in hacks since the Russian Armed Forces began rolling into Ukraine is unprecedented. From Ukrainian state-affiliated intruders to “hacktivists” such as Anonymous, and even lone wolves, Russian entities have been paying the price for Putin’s invasion.
Ukrainian intelligence has released tranches of data that it reports contain the names, birthdays, passport numbers, and job titles of Russian troops who had been stationed in Bucha, now infamous for the horrors and devastation Russian troops left in their wake there. Another tranche allegedly contains the names and contact details of more than 600 agents of the FSB, the same intelligence agency that employs many Russian hackers. Though experts point out that these data dumps are not fresh, but instead compiled from previous leaks, the public dissemination of these personal details on Russian operatives exposes those on the lists to a wider range of potential problems. These could range from simple online or public harassment of the operatives and those close to them, to foreign and international indictments or sanctions. It will be more difficult for anyone on such a list to return to a normal life after this war, with legions of independent hackers hunting them. If this weren’t enough to further dampen Russian morale, the embarrassing fact that this data could be acquired in the first place surely does not sit well with Russian intelligence or the armed forces. To serve the Russian state now comes with a new set of risks that few would take on without substantial discomfort.
Beyond just taking aim at military individuals, anti-Kremlin hackers have targeted state television stations, state-owned utilities, and even private citizens. Though far from the Ukrainian frontlines, Russian citizens are still being caught in the crossfire of the ongoing cyberwar.
Russian citizens now constitute almost one-fifth of global cyberattack victims since the end of February 2022. On average, two Russian internet users have had their private data accessed and leaked every second so far this year. This may have profound long-term effects on the already economically decimated Russian population in terms of privacy and potential economic loss. As hackers exfiltrate terabytes of data from Russian online accounts, this private data could end up in the hands of any of the opportunistic cyber vigilantes who are itching to make Putin and his supporters pay for the Russian military’s crimes in Ukraine.
This startling new pile-on may be due in part to decreased fear of Russian retaliation, and to the sudden jolt in anti-Kremlin sentiment that came with the February invasion of Ukraine. As Russia suffered embarrassment after embarrassment at Ukrainian hands on the battlefield, the United States embarked on an aggressive legal and policy campaign to disrupt and deter the Kremlin’s A-list hackers. This resulted in repeated fumbles by the Russians in the early days of the war. While many experts originally took the dearth of successful and complex Russian cyberattacks since the onset of the war to mean the Russians had greater plans, reporting from security companies and government disclosures alike has now led many to believe that the Kremlin has simply failed. Sensing weakness and galvanized by the Ukrainian call to arms, hackers from around the world, state-sponsored and independent, have joined the cyberwar against Russia.
As Russia hemorrhages sensitive data from every sector, some analysts smell blood in the water, predicting crippling effects on the future of the Russian state as we know it. Online repositories such as Distributed Denial of Secrets have been curating an ever-expanding catalog of data exfiltrated from Russian energy companies, banks, media censorship agencies, government contractors, mining companies, investment firms, and still more critical sectors. The damage these leaks could cause may be profound, devastating the Russian state’s ability to function properly or leading to still more economic devastation. Intelligence agencies around the world may absorb this data to Russia’s detriment. It may take decades for Russia to recover.
Other analysts dismiss these leaks as a mere airing of dirty laundry. To a state that has shown little regard for transgressing on the moral tenets of its adversaries, these leaks of emails and internal documents may ultimately not amount to much—after all, it is difficult to shame the shameless. However, all of this data exiting Russia is unanalyzed, and it will likely take months for Russian-speaking analysts to comb through it. No doubt, governments and news outlets all over the world are already taking advantage of repositories like Distributed Denial of Secrets. This data could be used by journalists and war crimes investigators to determine who knew what, when, and what groups were involved. Other ways they may leverage this unprecedented public divulgence of state-sensitive data remain to be seen, but it seems certain that the once opaque and shadowy world of Russian business and government is about to be illuminated like never before.
To make matters worse, the normally dreaded Russian cyberwarriors of the GRU, FSB, and SVR have recently missed their marks uncharacteristically often. Since the start of the conflict, the United States, the Five Eyes, Ukraine’s own cyber prowess, and titans of industry have spoiled many Russian attempts to hobble Ukraine’s defenses, and not just in military contexts. Breaches of Ukrainian email addresses are down approximately 58 percent in the past two months, though some of this decrease may be due to war-related displacement, service outages, enlistment, and death. In fact, it appears the hackers on the Kremlin’s payroll are attempting to pursue Ukrainians as they take refuge abroad. Poland has seen a significant uptick in successful email hacks. This likely corresponds to the Kremlin’s ire toward the NATO country for its stalwart aid to, and support of, Ukraine during this conflict.
Russian state hackers have attempted to retaliate for these setbacks, with middling success. Groups such as Gamaredon (a.k.a. Armageddon or Shuckworm) have concocted and deployed new malware variants in Ukraine. These variants, however, are reworkings of espionage malware from 2016, and are a far cry from devastating attacks like BlackEnergy that many were expecting from the Kremlin by this point in the war. While the Russian military threat to Ukraine and Europe remains very real, and the Five Eyes continue to warn of potential critical Russian attacks, it seems the Russian bear’s claws are not as sharp as they once were.
Aaron Crimmins, Esq. is a cyber strategy and governance consultant and writer based in San Diego, California. He tweets @00crims.