Russian Cyber Strategy And Tactics

Uploaded on 2018-11-27 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

Russia views cyber very differently than its western counterparts, from the way Russian theorists define cyberwarfare to how the Kremlin employs its cyber capabilities. The following is a summary of the key findings: 

Russian officials are convinced that Moscow is locked in an ongoing, existential struggle with internal and external forces that are seeking to challenge its security in the information realm. 

The Internet, and the free flow of information it engenders, is viewed as both a threat and an opportunity in this regard. 

• Russian military theorists generally do not use the terms cyber or cyberwarfare. 

Instead, they conceptualise cyber operations within the broader framework of information warfare, a holistic concept that includes computer network operations, electronic warfare, psychological operations, and information operations. 

• In keeping with traditional Soviet notions of battling constant threats from abroad and within, Moscow perceives the struggle within “information space” to be more or less constant and unending. 

This suggests that the Kremlin will have a relatively low bar for employing cyber in ways that US decision makers are likely to view as offensive and escalatory in nature. 

• Offensive cyber is playing a greater role in conventional Russian military operations and may potentially play a role in the future in Russia's strategic deterrence framework. 

Although the Russian military has been slow to embrace cyber for both structural and doctrinal reasons, the Kremlin has signaled that it intends to bolster the offensive as well as the defensive cyber capabilities of its armed forces. During the contingencies in Georgia and Ukraine, Russia appeared to employ cyber as a conventional force enabler

• The Georgia and Ukraine conflicts also provided opportunities for Russia to refine their cyberwarfare techniques and procedures and to demonstrate their capabilities on the world stage. These demonstrations may later serve as a basis to signal or deter Russia's adversaries. 

• Hacktivists and cyber-criminal syndicates have been a central feature of Russian offensive cyber operations, because of the anonymity they afford and the ease with which they can be mobilized. 

However, the crowd-sourced approach that has typified how the Kremlin has utilised hackers and criminal networks in the past is likely to be replaced by more tailored approaches, with the FSB and other government agencies playing a more central role.

Information Warfare 

The Russians generally do not use the terms cyber (kiber) or cyberwarfare (kibervoyna), except when referring to Western or other foreign writings on the topic. 

Instead, like the Chinese, they tend to use the word informatisation, thereby conceptualising cyber operations within the broader rubric of information warfare (informatsionnaya voyna). The term, as it is employed by Russian military theorists, is a holistic concept that includes computer network operations, electronic warfare, psychological operations, and information operations.

In other words, cyber is regarded as a mechanism for enabling the state to dominate the information landscape, which is regarded as a warfare domain in its own right. 

Ideally, it is to be employed as part of a whole of government effort, along with other, more traditional, weapons of information warfare that would be familiar to any student of Russian or Soviet military doctrine, including disinformation operations, PsyOps, electronic warfare, and political subversion. 

Perhaps not surprisingly, given the broad conception of IW in Russian theory, the focus of Russia’s cyber operations also tends to be strategic and long term in nature, rather than operational or tactical. 

While Russian theorists have discussed what they call the information-strike operation against enemy forces, which was evidenced in the 2008 war with Georgia, most actual uses of information weapons in operations have aimed at the domestic “nerves of government” or of society, not combat forces or military command and control. 

Indeed, the “information-psychological” aspect that covers the use of the press and the media broadly conceived against a target’s information space is a key category among many in the Russian definition of Information Operations and Information Warfare. 

This strategic emphasis has, in turn, influenced, or been influenced by, how Russia has organised and postured its cyber forces.

Hacktivists and Criminals 

Cyber hacking groups, or advanced persistent threat (APT) groups, have become a central part of Russia’s cyber-IO toolkit. 

While direct links to the Russian government are difficult to prove conclusively, the Russian government denies that it sponsors any hacker groups, there are a number of groups whose activities are closely aligned with the Kremlin’s objectives and worldview. 

Russia is not unique in this regard: China, Iran, North Korea, and other cyber adversaries have been known to outsource their operations to non-state actors. Where Russia differs from these other adversaries is its success in this regard. To begin with, Russia has been enabled by its ability to draw on a vast, highly skilled, but under-employed community of technical experts. 

Russian and other East European hackers are also widely regarded as the best in the world, to the extent that they are sometimes hired by other states to conduct cyberattacks on their behalf. For example, Russian hackers were suspected of being behind North Korea’s hack of Sony Pictures

Conclusion 

Cyber operations, such as the DNC hack and the attack on the Ukrainian power grid, illustrate that Russia’s cyber capabilities and tactics continue to evolve and adapt. 

Estonia, Georgia, and Ukraine have served as testing grounds and signaling arenas for Russia’s cyber forces, providing opportunities for them to refine their cyberwarfare techniques and procedures while demonstrating their capabilities on the world stage to influence or deter Russia's adversaries. 

The simple DDoS attacks and DNS hijackings that typified Russian cyber operations in Estonia and Georgia have since been overshadowed by more sophisticated tactics and malware tools, such as BlackEnergy and Ouroboros. If the example of Ouroboros is any indication, state-based actors, such as the GRU and FSB, also appear to be playing a more direct role in Russian offensive cyber operations than they did in the past. 

Non-state hackers, criminal syndicates, and other advanced persistent threats will probably remain a constant feature of Russian offensive cyber operations, both for the anonymity they afford and the ease with which they can be mobilised. 

However, as governments and companies around the world have hardened their networks, the basic techniques used by hacktivists and other non-state actors, for instance, redirecting traffic, are no longer as useful as they were five or ten years ago. 

The crowd-sourced approach that has typified how the Kremlin has utilised hackers and criminal networks in the past is likely to be replaced by more tailored approaches, with the FSB and other state agencies conducting network reconnaissance in advance and developing malware to attack specific system vulnerabilities. 

CNA:

You Might Also Read:

What Is The GRU & Who Does It Hack?

Russia And US Offer Competing Visions Of Cyber Normality

« Google Helps Boost High Street Spending
Russian Hackers Have New Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Infosec Institute

Infosec Institute

Infosec is a leading cybersecurity training company, we help IT and security professionals advance their careers with skills development and certifications.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.