Our programs and centers deliver in-depth, highly relevant issue briefs and reports that break new ground, shift opinions, and set agendas on public policy, with a focus on advancing debates by integrating foundational research and analysis with concrete policy solutions.
When major global news breaks, the Atlantic Council’s experts have you covered—delivering their sharpest rapid insight and forward-looking analysis direct to your inbox.
New Atlanticist is where top experts and policymakers at the Atlantic Council and beyond offer exclusive insight on the most pressing global challenges—and the United States’ role in addressing them alongside its allies and partners.
A weekly column by Atlantic Council President and CEO Frederick Kempe, Inflection Points focuses on the global challenges facing the United States and how to best address them.
UkraineAlert is a comprehensive online publication that provides regular news and analysis on developments in Ukraine’s politics, economy, civil society, and culture. UkraineAlert sources analysis and commentary from a wide-array of thought-leaders, politicians, experts, and activists from Ukraine and the global community.
MENASource offers the latest news from across the Middle East, combined with commentary by contributors, interviews with emerging players, multi-media content, and independent analysis from fellows and staff.
IranSource provides a holistic look at Iran’s internal dynamics, global and regional policies, and posture through unique analysis of current events and long-term, strategic issues related to Iran.
January 9, 2024
There is no clear dividing line between “cyber warfare” and “cyber crime.” This is particularly true with regard to alleged acts of cyber aggression originating from Russia. The recent suspected Russian cyber attack on Ukrainian mobile operator Kyivstar is a reminder of the potential dangers posed by cyber operations to infrastructure, governments, and private companies around the world.
Russian cyber activities are widely viewed as something akin to a public-private partnership. These activities are thought to include official government actors who commit cyber attacks and unofficial private hacker networks that are almost certainly (though unofficially) sanctioned, directed, and protected by the Russian authorities.
The most significant government actor in Russia’s cyber operations is reportedly Military Unit 74455, more commonly called Sandworm. This unit has been accused of engaging in cyber attacks since at least 2014. The recent attack on Ukraine’s telecommunications infrastructure was probably affiliated with Sandworm, though specific relationships are intentionally hard to pin down.
Attributing cyber attacks is notoriously difficult; they are designed that way. In some cases, like the attacks on Ukraine’s electrical and cellular infrastructure, attribution is a matter of common sense. In other cases, if there is enough information, security firms and governments can trace attacks to specific sources.
Much of Russian cyber crime occurs through private hacker groups. Russia is accused of protecting criminals who act in the interests of the state. One notable case is that of alleged hacker Maksim Yakubets, who has been accused of targeting bank accounts around the world but remains at large in Russia despite facing charges from the US and UK.
The Kremlin’s preferred public-private partnership model has helped make Russia a major hub for aggressive cyber attacks and cyber crime. Private hacker networks receive protection, while military hacking projects are often able to disguise their activities by operating alongside private attacks, which provide the Kremlin with a degree of plausible deniability.
More than ten years ago, Thomas Rid predicted “cyber war will not take place.” Cyber attacks are not a battlefield, they are a race for digital resources (including access to and control of sensitive devices and accounts). This race has been ongoing for well over a decade.
Part of the reason the US and other NATO allies should be concerned about and invested in the war in Ukraine is that today’s cyber attacks are having an impact on cyber security that is being felt far beyond Ukraine. As Russia mounts further attacks against Ukrainian targets, it is also expanding its resources in the wider global cyber race.
Andy Greenberg’s book Sandworm documents a range of alleged Russian attacks stretching back a number of years and states that Sandworm’s alleged operations have not been limited to cyber attacks against Ukraine. The United States indicted six GRU operatives as part of Sandworm for their role in a series of attacks, including attempts to control the website of the Georgian Parliament. Cyber security experts are also reasonably sure that the NotPetya global attack of 2016 was perpetrated by Sandworm.
The NotPetya attack initially targeted Ukraine and looked superficially like a ransomware operation. In such instances, the victim is normally prompted to send cryptocurrency to an account in order to unlock the targeted device and files. This is a common form of cyber crime. The NotPetya attack also occurred after a major spree of ransomware attacks, so many companies were prepared to make payouts. But it soon became apparent that NotPetya was not ransomware. It was not meant to be profit-generating; it was destructive.
The NotPetya malware rapidly spread throughout the US and Europe. It disrupted global commerce when it hit shipping giant Maersk and India’s Jawaharlal Nehru Port. It hit major American companies including Merck and Mondelez. The commonly cited estimate for total economic damage caused by NotPetya is $10 billion, but even this figure does not capture the far greater potential it exposed for global chaos.
Ukraine is currently on the front lines of global cyber security and the primary target for groundbreaking new cyber attacks. While identifying the exact sources of these attacks is necessarily difficult, few doubt that what we are witnessing is the cyber dimension of Russia’s ongoing invasion of Ukraine.
Looking ahead, these attacks are unlikely to stay in Ukraine. On the contrary, the same cyber weapons being honed in Russia’s war against Ukraine may be deployed against other countries throughout the West. This makes it all the more important for Western cyber security experts to expand cooperation with Ukraine.
Joshua Stein is a researcher with a PhD from the University of Calgary.
UkraineAlert Jan 2, 2024
By Peter Dickinson
As Russia launches a long-awaited new bombing campaign against Ukrainian cities, fears are mounting that deadlock over continued US and EU military aid may soon leave Ukraine facing critical air defense shortages, writes Peter Dickinson.
UkraineAlert Dec 17, 2023
By Richard D. Hooker, Jr.
If Western leaders fail to provide Ukraine with the weapons to defeat Putin in 2024, this will significantly increase the likelihood of a direct military confrontation between Russia and NATO, writes Richard D. Hooker Jr.
UkraineAlert Jan 4, 2024
By Mykola Bielieskov
By embracing a strategy of active defense in 2024, Kyiv can achieve the twin goals of preventing any major Russian advances and creating conditions that strongly favor Ukraine in what is increasingly a war of attrition, writes Mykola Bielieskov.
The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.
UkraineAlert is a comprehensive online publication that provides regular news and analysis on developments in Ukraine’s politics, economy, civil society, and culture.
The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.
Image: A hand is seen on a laptop with binary codes displayed in front of the Ukrainian flag in this illustration taken, August 19, 2022. (REUTERS/Dado Ruvic/Illustration)
© 2024 Atlantic Council
All rights reserved.
