Russian Offensive Cyber Operations: Analyzing Putin’s Foreign Policy Actions

A report from Insikt Group dives into the motivations behind Putin’s foreign policy decisions, including “undermining the unity of international institutions, permitting hacktivist activity, ordering cyberattacks or influence operations, directing sabotage or kinetic military operations, and determining the use of nuclear weapons.” Though the report covers a range of Putin’s foreign policy decisions, I’ve condensed the key areas that cybersecurity leaders should be aware of, especially those who defend supply chains or critical infrastructure.
Cyberattacks
According to the report, Putin considers offensive cyber operations (including but not limited to deploying malware) to be an “effective way to augment Russia’s military operations in Ukraine, degrade supply lines from NATO states to Ukraine, and gain insight into NATO and Ukrainian plans and intentions.”
The report goes on to cite examples, such as:
- WhisperGate: In January 2022, a wiper malware known as WhisperGate was launched by GRU Unit 29155. This malware overwrote data on Ukrainian government systems.
- Kyivstar Telecom attack: In December 2023, a Russian APT group (Sandworm) disrupted internet and mobile services in Ukraine.
Furthermore, Putin’s offensive cyber strategy has included targeting NATO states, presumably to disturb supply chains to Ukraine.
Hacktivism
The report also discussed Russian hacktivism initiatives, which it described as “low-sophistication hacktivist attacks.” While Putin does not outright direct pro-Russia hacktivism, it is suggested he enables it because it voices Russia’s discontent with adversaries in a deniable, low-risk manner. These actions have increased since Russia’s invasion of Ukraine in February 2022 and often target adversaries after actions that appear to undermine Russian interests.
Attacks include:
- Distributed denial-of-service (DDoS) attacks
- Ransomware
- Doxxing
- Website defacements
An example cited in the report is the joint attack launched by hacktivist entities NoName057(16) and the Russian Cyber Army against the Japanese government, which came shortly after Japan extended support to Ukraine.
How to Defend Cyber Assets Against Russian Escalation
As Putin’s cyber operations escalate, there are steps organizations can take to bolster security. These include, but are not limited to:
- Extending SOC analyst monitoring to 24/7 coverage
- Increasing regular log reviews and threat hunting
- Prioritizing alerts connected to known adversary Tactics, Techniques and Procedures (TTPs)
- Pushing high-priority vulnerability patching
While it is impossible to predict every cyberattack from foreign adversaries, organizations can take these steps to improve their current security measures and lessen the likelihood of a successful attack.