Threat hunters minimize Russia’s cyber prowess

Dive Brief:

  • Russian cyberattacks against Ukraine and its allies have yet to materialize at the scale and severity many expected. Russia’s attack against Viasat’s KA-SAT management network during the first hours of its invasion of Ukraine remains its most significant success to date.
  • The Russian wiper malware attack on Viasat was “one of the biggest cyber events that we have seen perhaps ever, certainly in warfare,” Dmitri Alperovitch, CrowdStrike cofounder and executive chairman of the Silverado Policy Accelerator, said Tuesday at the RSA Conference. It blocked the Ukrainian military’s ability to communicate in the first days of the invasion, but Russia’s gain was short-lived.
  • “As we have seen time and time again, for now almost three and a half months of this war, the Russians are horrible at combined arms,” Alperovitch said. This extends to Russia’s traditional military, which has faltered on the ground and in the air due to a lack of coordination.

Dive Insight:

Russia has consistently displayed a lack of foresight and planning in its cyber activities since it invaded Ukraine more than 100 days ago. Despite tactical successes in Ukraine, Russia failed to turn those into potentially more devastating campaigns. 

While cyber is an important weapon in warfare, the assumption that it will be such a critical element has been overblown, Alperovitch said. “Even the best tactics, even in cyber, don’t compensate for a really, really bad plan.”

Russia hasn’t, despite expectations, retaliated for the sanctions via cyberattacks against Ukraine’s allies, but those attacks may still come. While Russia’s cyberthreat remains lower than expected, the White House and federal cybersecurity authorities continue to caution organizations to remain vigilant.

The Department of Justice in April disrupted the state-backed Russian botnet Cyclops Blink, and Attorney General Merrick Garland pointed to the Russian government’s use of similar infrastructure to attack Ukrainian targets.

Sandra Joyce, EVP and head of global intelligence at Mandiant, said her team observed wiper attacks on individuals and Chinese threat actors operating…