Russia's cyber activities in Ukraine have moved from strategic civilian targets to tactical military objectives, according to a recent report by the Royal United Services Institute (RUSI).
The change aligns with Russia's anticipated summer offensive aimed at reclaiming territory lost during Ukraine's 2023 counter-offensive.
Multiple Russian cyber units, including the GRU and FSB, have adapted their strategies to focus on Ukrainian military computers and mobile devices, aiming to provide battlefield advantages. This adaptation marks a departure from their initial strategy of targeting Ukrainian critical infrastructure to exert societal pressure, which was more prevalent in the early stages of the invasion.
“Beyond targeted efforts to gain access to devices and systems used by Ukrainian soldiers, Russia has also reoriented its cyber forces to help locate Ukrainian military equipment and positions,” the report said.
Russia's intelligence services have streamlined their previously disjointed cyber efforts, integrating cyber and conventional capabilities to enhance their military effectiveness. Despite the shift, there is still some operational activity targeting Ukrainian infrastructure, likely as preparations for future sabotage.
The primary focus of Russian cyber efforts now includes penetrating frontline devices used by Ukrainian soldiers, exploiting data-driven combat strategies and secure messaging applications like Signal. Methods include malware disguised as military apps and social engineering to link soldiers' accounts to Russian-controlled instances of messaging apps.
Additionally, Russia targets Ukrainian command-and-control systems, tricking soldiers into divulging credentials to access battlefield management systems. They also utilize compromised webcams and other surveillance methods to locate Ukrainian military equipment and positions.
“We should also be prepared for Russia’s new operational concepts to proliferate outside of Ukraine,” the report warns. “Today, Signal and other EMAs have become standard practice for sensitive communications. These applications see ubiquitous use by Western militaries, politicians, civil-society groups, and other common targets of Russia’s intelligence services. Russia's war-focused tactics could therefore reasonably see wider use to fulfil other urgent intelligence requirements, such as the collection of foreign political intelligence from Ukraine’s partners, or in potential efforts to influence one of the many consequential Western elections on the horizon.”