The Digital Battleground of the Ukraine-Russia War

Russia’s recent invasion of Ukraine has accentuated contemporary political tensions and drawn commentaries on parallels to past geopolitical disputes. One unprecedented facet of the invasion, however, is digital warfare, an aspect of modern conflict that has yet to coincide with a war of this magnitude and will have significant effects on actors far removed from Eastern Europe, as Russia attackers use Ukraine as a testing ground for new cyber weapons.  

Months before its militants crossed the border into Ukraine, Russia initiated cyberattacks on Ukraine’s digital infrastructure. The source of a cyberattacks can be difficult to accurately attribute, and often the accused source has plausible deniability, with complicated masking techniques protecting attackers’ identities. Strong evidence, however, has tied Russian hackers to major hacking events across the globe. Over the past twenty years, Russia has developed into a haven for hackers and cyberattacking groups, many of whom act with state support, and attacks from Russia have become increasingly more sophisticated and malicious.

Ukraine is not blind to Russia’s cyber warfare tactics. Since 2015, shortly after Russia’s initial invasion and successful annexation of Ukraine’s Crimean Peninsula, Russian hackers have been tied to various cyberattacks in Ukraine, with targets including electrical power grids, government agencies, and the national banking system. Now, just before Russia’s current invasion began, Ukraine was targeted with a never-before-seen “wiper” malware designed to wipe data stored at Ukrainian government agencies and financial institutions to erode the country’s ability to communicate and function economically. New versions of “wiper” malware have been discovered since, with each new malware more destructive than the last and even designed to spread additional “wipers” to other vulnerable computers in the country’s network. In 2017, similar malware was responsible for the NotPetya attack attributed to Russia, which caused billions of dollars of damages to major international companies like FedEx, leading experts to fear another potentially catastrophic attack to occur in Ukraine.

Ukraine is seemingly Russia’s focal target for cyberattacks right now, but global cyberwar is likely to spread, particularly as Russia faces isolation from the West.

While the “wiper” malware’s impact has been minimal so far, Russian hackers have also launched “denial of service” attacks to flood government and banking websites with fake traffic to make them inaccessible to users and government and bank officials. In addition to attempting to hamper activity in Ukraine, all of these devices are designed to demoralize Ukrainians psychologically, suggesting to Ukrainians that Russia has technological superiority in the conflict and the upper hand in cyberspace.

Ukraine is seemingly Russia’s focal target for cyberattacks right now, but global cyberwar is likely to spread, particularly as Russia faces isolation from the West due to widespread economic sanctions from the United States and its European allies as they continues to support Ukrainian resistance to the invasion. In the first weeks of Russia’s assault on Ukraine, cyberattacks have been more limited and less organized than expected, leading to optimism that Russia’s cyber capabilities are not as devastating as previous attacks would suggest. As the conflict persists, however, Russia will continue to be secluded in the global economy, and will be incentivized to develop further cyber weapons in retaliation.

One potential expansion of the Russia-Ukraine cyberwar is Russia targeting crucial Western companies, such as Shell, that have recently started to pull their operations out of the country. Russia could launch cyberattacks against companies like Shell to dissuade other Western firms from following these companies out of Russia for fear of a similar attack being launched against their own cyber infrastructure. Attacks on oil-and-gas companies are of particular concern to Western countries, especially given the devastating impact of the Colonial Pipeline cyberattack in 2021. Though that attack was not orchestrated by the Russian state, Russia is capable of similar attacks that could cripple transportation within the borders of the United States and other NATO member countries.

While global cyber warfare may seem unlikely, international actors now have unprecedented digital capabilities that can leave governments and private companies vulnerable, especially given the interdependence of crucial infrastructure—particularly the connectivity of electricity and communications. Research has shown that, while past cyberattacks have not been as damaging as anticipated, most past attacks were likely test runs of cyberweapons, and cyberattacks have the potential to be far more devastating to data and physical infrastructure.

Government and private actors must be on high alert to avoid the potentially catastrophic impact of expanded cyber warfare, and collaboration between governments and tech companies can be crucial to resisting attacks. Fortunately, positive steps are being made. In Ukraine, following the release of “wiper” malware, Microsoft virus detection systems were able to erase the malware. The company has since been sharing the details of the code with other European nations in hopes of thwarting other cyberattacks on Russia’s enemies. While only a small stride toward ensuring cyber peace, collaboration like this will be paramount to avoiding global cyber warfare.

John Dean

John attended the University of North Carolina at Chapel Hill for college, double majoring in History and Political Science. In law school, John is involved as a staff member for the North Carolina Journal of Law & Technology.