Skip to main content

Untangling the Russian Web: Spies, Proxies, and Spectrums of Russian Cyber Behavior

Page 1

#ACcyber

I S SU E B R I E F SEPTEMBER 2022

Untangling the Russian Web:

Spies, Proxies, and Spectrums of Russian Cyber Behavior JUSTIN SHERMAN The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities. The mission of the Digital Forensic Research Lab (DFRLab) is to identify, expose, and explain disinformation where and when it occurs using open-source research; to promote objective truth as a foundation of government for and by people; to protect democratic institutions and norms from those who would seek to undermine them in the digital engagement space; to create a new model of expertise adapted for impact and real-world results; and to forge digital resilience at a time when humans are more interconnected than at any point in history, by building the world’s leading hub of digital forensic analysts tracking events in governance, technology, and security ATLANTIC COUNCIL

EXECUTIVE SUMMARY

T

he number of cyber operations launched from Russia over the last few years is astounding, ranging from the NotPetya malware attack that cost the global economy billions, to the SolarWinds espionage campaign against dozens of US government agencies and thousands of companies. Broad characterizations of these operations, such as “Russian cyberattack,” obscure the very real and entangled web of cyber actors within Russia that receive varying degrees of support from, approval by, and involvement with the Russian government. This issue brief describes the large, complex, and often opaque network of cyber actors in Russia, from front companies to patriotic hackers to cybercriminals. It analyzes the range and ambiguity of the Russian government’s involvement with the different actors in this cyber web, as well as the risks and benefits the Kremlin perceives or gets from leveraging actors in this group. The issue brief concludes with three takeaways and actions for policymakers in the United States, as well as in allied and partner countries: focus on understanding the incentive structure for the different actors in Russia’s cyber web; specify the relationship any given Russian actor has or does not have with the state, and calibrate their responses accordingly; and examine these actors and activities from Moscow’s perspective when designing policies and predicting the Kremlin’s responses.

INTRODUCTION

T

he number of cyber operations launched from Russia over the last few years is astounding, ranging from the NotPetya malware attack that cost the global economy billions to the SolarWinds espionage campaign against dozens of US government agencies and thousands of companies. Yet broad characterizations of these operations, such as “Russian cyberattack,” obscure the very real and entangled web of cyber actors within Russia that have varying degrees of support from, approval by, and involvement with the Russian government. Contrary to popular belief, the Kremlin does not control every single cyber operation run out of Russia. Instead, the regime of President Vladimir Putin has to some extent inherited, and now actively cultivates, a complex web of Russian 1


Turn static files into dynamic content formats.

Create a flipbook
Untangling the Russian Web: Spies, Proxies, and Spectrums of Russian Cyber Behavior by Atlantic Council - Issuu