Russia hasn’t launched a massive cyberattack on Ukraine yet. Why not?

Russia hasn’t hit Ukraine with a massive cyber attack yet because it could trigger a retaliatory response, say Northeastern experts. And, Moscow may be reluctant to engage in both a digital war and a conventional conflict, they add.

More than a week into war and Russia has yet to unleash a paralyzing, large-scale computer network attack on Ukraine. U.S. banks are bracing for retaliatory cyberstrikes that have yet to materialize. Even Volodymyr Zelenskyy, Ukraine’s president, continues to post videos.

What has happened to Moscow’s much-heralded cyber-warfare capabilities?

For starters, “they’re not as sophisticated as many people make them out to be,” says Northeastern’s David Wesley, who teaches graduate-level courses in global strategy and culture in the D’Amore-McKim School of Business. “It’s actually the West that is crippling the Russian computer systems.”

Microsoft, in the span of just a few hours, detected and thwarted a data-wiping attack on Ukraine’s network days after the war started. American enterprise rushing to the rescue in times of war was reminiscent of how Ford quickly pivoted its assembly lines during World War II to build tanks, jeeps, and airplanes.

Russia may also be reluctant to start a cyberwar for fear of getting attacked back, adds Luis Dau, associate professor of international business and strategy.

“They don’t want a war on two fronts if they don’t have to,” he says. “They’re finding the war on Ukraine harder than they were expecting.”

Western governments and companies—and the Ukrainian government itself—have beefed up their computer defenses since 2017, when a sinister ransomware program known as NotPetya infiltrated the servers of Maersk, the Danish cargo-shipping giant. The program destroyed servers and computers around the globe.

Had it not been for a lone company server in the African nation of Ghana that lost power and thus wasn’t connected to the rest of the network, the situation could have been much worse. “That’s what saved Maersk but it was by accident,” says Wesley.

“Instead of $300 million, it would have been billions of dollars in damage,” he adds.

Two years later, in August 2019, Ukrainian officials launched the new Ministry of Digital Transformation, which is working on cryptocurrencies, blockchain, and offensive hacking capabilities.

“We are creating an IT army,” the ministry’s 31-year-old leader tweeted over the weekend. It directed cyber devotees to a Telegram channel—“itarmyofurraine”—that instructed followers on how to disable Russian websites. Russia’s largest stock exchange as well as a government-owned bank and the Russian Foreign Ministry were taken offline after being targeted by Ukrainian hackers.

Ukrainian ministry officials have also been working with the Anonymous hacking collective to take down Russian sites.

“If you go to almost any Russian website, they’re offline,” says Northeastern’s Wesley. “So the threat against Russia of cyberattacks is much higher now than it is against us.” But, he warns, “that doesn’t mean the threat isn’t there. It’s still really serious.”

Periodic web outages have been reported in Ukraine since hostilities began, but nothing approaching the size and devastation of the Maersk attack, one of the worst cyber breaches ever. Maersk employees reportedly noticed “Ooops your files are encrypted” messages appearing on their laptops before screens systematically went black one-by-one company-wide.

Wesley, Dau, and Alexandra Roth, an executive professor of international business and strategy at Northeastern, authored a case study to be used in international strategy courses to teach students about responding to global threats such as cyber warfare and regional disputes.

The June 2017 Maersk incident was likely collateral damage from an attack on Ukraine, which “has long been a testing ground for Russia’s cyber capabilities, and it was no coincidence it all started on the Ukrainian Independence Day,” Roth says.

Most computer network attacks, they say, have the greatest impact on antiquated operating systems such as the one Maersk was using. At a minimum, companies should have a broad approach that includes regular upgrades and patches.

Ignoring those steps could be costly.

Maersk executives were focused on issues such as inflation, trade, and fluctuating energy prices, but “failed to recognize that a cyberattack posed a far greater threat on its critical infrastructure,” the professors wrote in the case study.

The U.S. banking system wouldn’t make the same mistake.

It has been guarding its networks for years, investing massive sums in technology and people to build a wall around its most important data.

Even with those precautions, big institutions such as JP Morgan, Citigroup, and Bank of America have seen a wave of recent cyberattacks that they describe as a subtle but intensified assault, the New York Post reported. The attacks have ramped up since the U.S. imposed sanctions against Russia over the invasion of Ukraine.

But it’s not the big banks that have to worry about a Russian-fueled security breach, say Northeastern professors. It’s the smaller regional banks, credit unions, and hospitals.

“It’s an existential crisis for these smaller organizations,” Wesley says. “The larger ones are much better protected.”

Elon Musk, the South African-born billionaire founder of Tesla and SpaceX, has been outspoken about the invasion of Ukraine. He has come to Ukraine’s defense by shipping Starlink satellite internet stations to keep communications lines open.

Musk warned that Russian forces could still target the terminals.

“Starlink is the only non-Russian communications system still working in some parts of Ukraine,” Musk tweeted, “so probability of being targeted is high. Please use with caution.”

That goes back to the Northeastern professors’ belief that the combined efforts of Western technology companies make Russia no match for the West.

“Our capabilities are much stronger than many people believe,” says Wesley.

The big question now surrounding a digital attack on Ukraine revolves around NATO’s Article 5, which is based on a collective defense mindset that applies if one country is targeted, says Roth.

“So if a critical infrastructure gets hurt and if it causes physical damage similar to a conventional kinetic attack, then this is pretty clear that NATO will step in,” she says, something that may make Moscow think twice. Ukraine is not a member of NATO, but several of its neighbors are.

Business resilience is one of the lessons learned in the bigger picture of the Maersk case, says Dau. He also thinks that there’s another larger issue at play. “Autocracy is on the rise, democracy is on decline,” he says, pointing to Russia and China as examples. Democracy, he warns, is being taken for granted across the globe.

“They focus on the negatives,” he says. “Oh, it’s increasing our cost of living.”

Dau’s hope is that the Russian invasion will remind those countries how valuable it is to be part of a bigger union such as NATO, the European Union, and the democratic free world. “It’s broader than cybersecurity,” he says.