It if doesn’t frighten you, it should. “The Trump administration has ordered the United States to end offensive cyber operations targeting Russia, . . . (US News, Mar. 2025) Russia, or more particularly the Russian FIE poses a grave threat to U.S. national security. Threats posed by this state-actor and its state-supported proxies are grave both in terms of capability and intent. Russia has consistently demonstrated its capacity to execute sophisticated cyber operations targeting governments, corporations, critical infrastructure and individuals. The perils are multi-dimensional, including espionage, cyber warfare (or “war in the grey”), information operations, subversion, ransoming and economic disruption. Examples of Russia’s malign and nefarious cyber activity are plethora however recently the U.S. and Ukraine seem to enjoy the brunt of Putin’s ire. Here are some points to consider:
1. State-Sponsored Cyber Warfare
- Russia’s GRU Unit 74455, a/k/a “Sandworm” conducts offensive cyber operations, often targeting critical infrastructure the U.S., its allies and shared economic interests.
- The 2017 NotPetya attack caused over $10 billion in global damages, hitting Maersk, FedEx, and other major commercial concerns. This agent was designed for penetration of a particular type of accounting software used in Ukraine. While not specifically targeting the U.S., the global fallout of NotPetya getting into the wild is instructive. In financial terms, it was among the greatest events of “collateral damage during war” ever recorded.
- Russian hackers have targeted Ukraine’s energy sector repeatedly. They have demonstrated a clear ability to take down critical infrastructure. Evidence of Russian FIS’s penetration of U.S. utilities, likely in search of weakness to exploit or to leave ‘back doors’ for future exploitation, has also been detected. Notably, Dragonfly 2.0, a Russian state-sponsored hacking group (also known as Energetic Bear), successfully infiltrated U.S. energy sector systems, including nuclear power plants.
2. Cyber Espionage
- Groups like APT29 (Cozy Bear) and APT28 (Fancy Bear), linked to Russian FIE have hacked into government agencies. They have repeatedly compromised U.S. official networks. The SolarWinds penetration in 2020 is instructive.
- Ongoing efforts to steal classified or proprietary information from defense, aerospace, and technology sectors save Russia billions in research and development. From 2020 to 2021, Russian hackers compromised multiple U.S. defense contractors that provide support to the Department of Defense (DoD), U.S. Air Force, and Navy APT28 “Fuzy Bear” stole information related to weapon systems (including fighter jets and missile defense technologies, communications and surveillance systems, naval and space-based defense projects.
3. Election Interference & Disinformation
- Russia has weaponized social media. Troll farms such as the Internet Research Agency and more rescently AI-home-cooked content spread disinformation and misinformation to masssive audiences.
- Russian cyber actors hacked the DNC and Clinton campaign, leaking emails via WikiLeaks in efforts to subvert the U.S. political process.
- Operation Project Lakhta was ordered directly by Vladimir Putin. This was a “hacking and disinformation campaign” to damage Clinton’s presidential campaign.
- The Justice Department seized thirty-two internet domains used in Russian government-directed foreign malign influence campaigns (“Doppelganger”).
4. Ransomware & Financial Cybercrime
- Russia harbors cybercriminal groups like Conti, REvil, and LockBit, which launch ransomware attacks on U.S. hospitals, businesses, and municipal corporations.
- Many ransomware gangs operate with tacit Kremlin approval—as long as they don’t target Russian entities. For instance, REvil’s malware is designed to avoid systems using languages from the Commonwealth of Independent States (CIS), which includes Russia. This evidences a deliberate effort to steer clear of Russian entities.
5. Potential for Cyber Escalation
- Russia has declared NATO and the West and its “main enemy”. The risk of cyber retaliation is real. Russia has the capability to conduct supply chain attacks, disrupt banking systems, and interfere with military communications.
- In 2020, Russian state-sponsored cyber actors compromised the software company SolarWinds, embedding malicious code into its Orion network management software. This supply chain attack affected approximately 18,000 organizations, including multiple U.S. government agencies and private sector companies. This was a surveillance mechanism which allowed Russia to monitor internal communications and exfiltrate sensitive data from the software users.
- In 2008 Russia deployed specialty malware (“Agent.btz“) which penetrated the U.S. Department of Defense’s classified and unclassified networks. The breach, considered one of the most severe against U.S. military computers, led to the establishment of U.S. Cyber Command to bolster cyber defenses.
Conclusion
The Russian cyber threat is persistent, evolving, and highly strategic. The West has cyber defenses and deterrence strategies in place (like sanctions and counter-hacking operations) however the current Administration’s order to terminate much of that effort cripple U.S. national security.
Quick to react to reporting of the DoD’s posturing, the Cybersecurity and Infrastructure Security Agency (CISA) tweeted, “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.” Comforting however the words of a confidential source within CISA present a different picture. “A recent memo at the Cybersecurity and Infrastructure Security Agency (Cisa) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia, . . . analysts at the agency were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.” (Guardian, Mar. 2025)
Russia is one of our most aggressive cyber adversaries as well as being recongnized by most nations as a ‘cyber threat pariah’ (i.e., most vocally by NATO, the EU and the U.N.). Given the President’s position on Russia, it’s impossible to say that U.S. continues to harden critical infrastructure, surveil Russian FIE cyber efforts and accomplish effective countermeasures. Russia’s offensive cyber capabilities will remain a major security challenge for the foreseeable future. The question is, are we willing to handicap our efforts to meet our adversaries with robust cyber capability or simply turn our heads away.
