5.1 Russian Cyber Operations

Russian cyber operations are a unique blend of modern technology and a creative use of information that dates back at least as far as the Okhrana, or the Czar’s secret police (Warner, 2017). One of the first acts of a newly created Soviet Union was to start an office of disinformation in 1923 (Agursky, 1989), operations that continued throughout the lifespan of the Former Soviet Union (Pacepa and Rychlak, 2013).

Russian information operations continue to be performed over cyber. Russian cyber operations are a general information‐related capability (IRC) that leverages a rich national legacy of deception, often using remnants of KGB intelligence organization constructs to perform cyber operations. Russia performs nation‐state cyber campaigns that span from denial to manipulation.

In addition to a history of information operations, Russia has a sizable community of highly educated, underemployed, technically savvy computer programmers that play a large role in the criminal cyber community. This includes developing and selling unauthorized access to systems of interest, maintaining nefarious botnets for various operations, and providing ransomware as a service (RaaS). These cyber skills and services are not lost on the Russian state‐sponsored cyber efforts (CISA, 2022).