Why did Russia's cyber warfare against Ukraine fizzle out?

The vice president of the Microsoft Threat Intelligence Center grants insight into the sudden lack of aggression from Russia at the war's outbreak.

 John Lambert, vice president of the Microsoft Threat Intelligence Center (photo credit: Cyber Week Tel Aviv University)

The smart people over at Microsoft’s Threat Intelligence have been keeping their eyes peeled for the latest developments in cyber warfare, and the recent activity between Russia and Ukraine has given them a lot to look at.

Speaking at Cyber Week 2022, John Lambert, vice president of the Microsoft Threat Intelligence Center, explained the lessons that his department has gleaned from observing the cyber activity between the two nations.

“Many of the actors that we track have a global remit, they’re going after, you know, defense, military and intelligence diplomatic targets around the world,” said Lambert.

However, the actors involved in cyber warfare against Ukraine were much more focused. “They don't have a global remit, but they focus heavily on Ukraine now but also border countries with Russia.”

Russia led up to the Ukraine war with several stages of cyber attacks, composed of DDoS attacks, massive personal information leaks and wipers. “It was all about intimidation, psychological operations, all coordinating together,” Lambert added.

Russia's attacks

Following the initial stage of attacks, Russia moved on to critical infrastructure attacks on government, energy and financial organizations.

“After the Olympics, we saw a much bigger destructive wave of attacks affecting over 20 organizations [in Ukraine]: hundreds and hundreds of systems wiped, heavily focused on the government and the banking sector there.”

However, after the war broke out there was relative silence on the cyber front as Russia resorted to more traditional siege methods. Said Lambert: “At the beginning of the war, people were confused. Where’s the big cyber? Why did they not destroy the power grid at the beginning?”

“The easiest explanation is that Russia believed in their war plans. They thought in 10 days they would be governing the country, the government would fall and they didn’t want to wreck the infrastructure of the country,” he said. “That did not go according to plan, and they had to adapt.”

Another perspective on Russia’s lack of cyber aggression during the war was offered by Professor Isaac Ben-Israel, director of the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University and co-founder of Cyber Week.

“If you want your capability to be adaptive, you have to invest a huge effort in maintaining this capability,” he said. “Russia didn’t do that, and that’s why when the war started, you saw certain cyber actions, but that was the end of it.”