The Many Variants of Russian Cyber Espionage

Last week, the IT security firm Trend Micro shone a light on yet another case of alleged Russian cyber espionage in a report on Operation Pawn Storm. That report is only the most recent in a series of research papers, published by companies around the world since 2007, detailing the tools, techniques, and targets of cyber threat actors with reported connections to Russia….

Each campaign has its own idiosyncrasies. Operation Pawn Storm was particularly good at faking Outlook Web Access (OWA) login pages to harvest user credentials. Quedagh used a malware kit typically associated with criminals to gain an initial foothold in target systems while preserving plausible deniability. Red October contained a component built to regain access to the target system even after the main implant had been removed. And finally, Turla, perhaps the most technically complex and insidious of them all, used several zero-day vulnerabilities that left even the best-prepared organizations virtually defenseless against intrusion.

What, then, are the strategic implications of these allegedly Russian incursions at the tactical level? While the lists of targets published by security companies are usually quite extensive, almost every campaign has had an identifiable focus on Russia’s near abroad as well as on the United States and NATO/EU member states. Often, international organizations themselves were also specifically targeted. Cyber espionage has clearly taken its place among the tools Russia relies on to pursue its strategic interests, including power projection and hegemony in the former Soviet space as well as a return to parity with the West and to great power status at the international level. Russian cyber capabilities have advanced far beyond the widely publicized DDoS attacks during the Bronze Soldier crisis in Estonia in 2007 and the Russo-Georgian War of 2008. These developments mirror the wider modernization of Russia’s armed forces that began in the aftermath of the Georgian war. Furthermore, cyber capabilities fit well into the wider framework of the Gerasimov Doctrine of asymmetric warfare, and they both support and enable other aspects of Russia’s toolkit, especially information warfare. Finally, Russia’s liberal use of malicious code reflects, and perhaps even motivates, its increasingly emboldened aggressiveness in international affairs. None of these considerations bodes well for European security, or for a rules-based and sovereignty-respecting international order more broadly.

Image: One of the tools Russia relies on is cyber espionage (photo: UK Ministry of Defense)