On November 18, 1956, Soviet leader Nikita Khrushchev met with Western ambassadors at a reception at the Polish Embassy on Klimashkina Street in Moscow. He told the assembled ambassadors, “Whether you like it or not, history is on our side. We will bury you!” This was the height of the Cold War, which has led to near-nuclear confrontation, proxy wars and bilateral sanctions and which has defined, on and off, the relationship between the U.S. and the USSR (sorry, the Russian Federation) ever since. It also has led to cyberattacks and disinformation campaigns.
But guess what? It’s over.
According to news reports, “The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against U.S. national security or critical infrastructure, marking a radical departure from longstanding intelligence assessments.” That Trump/Russia election interference thing? A hoax. Russian hackers infiltrating U.S. infrastructure? A hoax. Russian bots influencing U.S. public opinion? You guessed it. A hoax.
Russian cyber operations have historically been guided by the principle of asymmetric warfare — leveraging cyber capabilities to weaken adversaries while avoiding direct military engagement. The primary actors behind these operations include the Russian military intelligence agency (GRU), the Federal Security Service (FSB), and cybercriminal groups with tacit government approval, such as Fancy Bear (APT28), Cozy Bear (APT29), and the Russian Business Network (RBN). The Kremlin’s cyber strategy encompasses disinformation campaigns, cyber espionage, infrastructure sabotage and ransomware operations, often in coordination with traditional intelligence activities. Russian cyber actors have demonstrated their capabilities by breaching critical U.S. and European infrastructure, interfering in democratic elections and deploying disruptive malware with global consequences.
One of the most consequential cyber campaigns attributed to Russian actors was the interference in the 2016 U.S. presidential election. According to the Mueller Report and U.S. intelligence assessments, the GRU’s Fancy Bear and Cozy Bear groups launched coordinated attacks against the Democratic National Committee (DNC) and the Hillary Clinton campaign. Phishing emails led to the theft of sensitive emails, which were later published by WikiLeaks, influencing the election’s narrative. Concurrently, Russian troll farms, notably the Internet Research Agency (IRA), engaged in disinformation campaigns on social media to polarize American voters.
In June 2017, the Russian cyber operation NotPetya targeted Ukrainian infrastructure but quickly spread beyond its intended borders, causing an estimated $10 billion in damages worldwide. Originally disguised as ransomware, NotPetya was a wiper malware designed to permanently destroy data. The attack crippled major companies, including Maersk, Merck and FedEx, showcasing Russia’s willingness to use cyber tools for economic sabotage.
Once again, in one of the most sophisticated cyber espionage campaigns in history, Russian-backed hackers compromised the SolarWinds Orion platform, injecting a malicious update that provided backdoor access to multiple U.S. federal agencies and private sector firms. Discovered in December 2020, this attack allowed Russian intelligence operatives to monitor sensitive communications for months. The incident underscored vulnerabilities in supply chain security and prompted the Biden administration to impose sanctions on Russian entities involved.
The ransomware attack on Colonial Pipeline in May 2021 (while not definitively linked to the Russian government) illustrated how Russian cybercriminal organizations operate with impunity. DarkSide, a ransomware group believed to be based in Russia, disrupted fuel supplies along the U.S. East Coast, leading to panic-buying and economic disruption. The incident highlighted the blurred lines between state-sponsored cyber operations and criminal activity tolerated by Russian authorities.
As Russia launched its full-scale invasion of Ukraine in February 2022, cyberattacks became an integral component of its military strategy. Russian hackers targeted Ukrainian government systems, power grids and satellite communications, attempting to disable critical infrastructure. The attack on Viasat satellite networks disrupted communications for Ukrainian forces and even affected European broadband users. In response, Ukraine, supported by Western allies, fortified its cyber defenses and retaliated through the IT Army of Ukraine, engaging in cyber countermeasures against Russian assets.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) used to be responsible for assessing such threats and responding to them. Since its inception, it has continuously monitored Russian cyber threats and provided detailed assessments through its “Shields Up” initiative. Following the Ukraine invasion, CISA warned of increased Russian cyber threats against U.S. infrastructure, urging organizations to enhance their security postures. CISA, in collaboration with the FBI and NSA, identified and attributed multiple attacks to Russian entities, emphasizing the risks posed by state-backed Advanced Persistent Threats (APTs).
Similarly, the European Union Agency for Cybersecurity (ENISA) has assessed Russian cyber threats, particularly concerning hybrid warfare tactics that blend cyber operations with disinformation campaigns. NATO has also recognized cyberattacks as a key element of modern warfare, reinforcing defensive measures across member states.
Not anymore.
Apparently, we won the cyber war. According to The Guardian, “Liesyl Franz, deputy assistant secretary for international cybersecurity at the State Department, said in a speech last week before a United Nations working group on cyber security that the U.S. was concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia in her remarks. Franz also did not mention the Russia-based LockBit ransomware group, which the U.S. has previously said is the most prolific in the world and has been called out in UN forums in the past.” CISA’s new priorities, according to an internal memo at the agency, “included China and protecting local systems but did not mention Russia.”
Based on this change in strategic focus, it appears that someone has won the cyber war. I suppose we could ask Mr. Khrushchev who that might be.