A European perspective on the cybersecurity impact of Russia's invasion of Ukraine

Russia's illegal invasion of Ukraine highlights growing concerns across Europe and beyond, not just in terms of military conflict but also cyberwarfare.

When Russia launched a full-scale invasion of its neighbor on February 24, 2022, it quickly became clear that Ukraine could end up on the front lines of a much greater threat waged against the entire western world. In response, the EU has been hard at work mobilizing a cyber defense team of both civilian and military professionals to help protect Ukraine and the rest of Europe from Kremlin-backed threat actors.

What are Russia's cyber targets in Europe and beyond?

Unsurprisingly, Ukraine is Russia's primary target for cyberattacks. In the past decade, these have included coordinated attacks on the country's power grids and other critical infrastructure assets and supply chains. Other attacks in recent years have targeted EU and NATO countries as well, including Estonia, France, Germany, and Poland. The US has also been a target, with CNN reporting in 2015 Russian cyberattacks against the White House itself.

Cyber attacks orchestrated by Russia take many different forms, and there are many different threat actors involved. Arguably, the most dangerous ones are those orchestrated by Russia's intelligence agencies, which are directly funded by the Kremlin and often launch attacks in cyberespionage. Other attacks, especially those that cause direct economic or social disruption, tend to be orchestrated by Russia-based cybercrime syndicates in the name of financial gain. It is widely believed among Western security experts that these groups, while not officially endorsed by the Kremlin, are allowed to operate freely, provided they do not target companies or individuals in Russia or its allies.

The day before Russia invaded Ukraine, Slovak internet security company ESET reported widespread DDoS attacks and previously unknown data wiper malware deployed in Ukraine. Among the targets were government organizations, ministries, and financial institutions. While these were relatively simple attacks without far-reaching consequences, they do make clear the growing threat of cyberwarfare not just against Ukraine but also its allies in Europe and North America.

It was widely feared that, in the early stages of Russia's invasion of Ukraine, it would launch attacks to shut down the country's critical infrastructure and communication services. Although this did not transpire, security experts have little doubt that Russia is instead leveraging its digital capabilities for the purposes of cyberespionage. These attacks have already reached beyond the borders of Ukraine to target military assets in Poland with phishing scams to obtain confidential information. Not only is cyberespionage a direct threat to the target country's national security – any information compromised might also be manipulated and misappropriated in an attempt for Russia to justify its actions.

For those 5,000 miles away in the US, which has made clear its intention to avoid direct military involvement in the conflict, it might be easy to shrug off the threat of Russian cyberattacks. However, the Cybersecurity and Infrastructure Security Agency (CISA) has already warned all organizations and individuals in the US to prepare for the possibility of sophisticated attacks, such as advanced persistent threats (APTs). Moreover, given the severity of the sanctions levied against Russia in response to its invasion of Ukraine, it is likely a matter of when – rather than if – this happens.

How is Europe preparing for cyberattacks?

The EU's Cyber Rapid Response Team is comprised of cybersecurity experts from six participating member states coordinated by Lithuania. The move came as Ukrainian officials warned about cyberattacks ahead of the invasion. Recent events notwithstanding, cyberattacks waged by Russia against Ukraine and the West are nothing new. Since the start of the war in Donbas in 2014, Ukraine has been a testing ground for cyberwarfare.

The increasing danger of cyberattacks and cyber espionage is top of mind for the EU, NATO, and other geopolitical blocs. Political leaders and security experts continue to warn businesses and individuals about the risks and develop responses to the threats. The need for multilayered cyber defenses and proactive strategies has never been clearer when countering increasingly sophisticated threats orchestrated by rogue and hostile regimes.

Several countries in Europe, including Romania, Hungary, Poland, and Finland, have called upon EU leaders to implement a 'digital shield' to protect the region's critical infrastructure and ensure the continuity of vital economic, defensive, and societal operations. With new malware and other attack vectors emerging every day, widespread training and awareness, bolstered by cutting-edge technical measures, has never been more important.

It is clear, especially from the Central and Eastern European perspective, that, so long as the current Kremlin regime exists, the dual threat of cyber warfare and cyberespionage waged by Russia and its allies is not likely to subside. Those on the frontlines of Russia's invasion present a stark warning that the entire western world is a potential target.