The Impact of the Russia-Ukraine Conflict on the Cybercrime Ecosystem

ENISA's Threat Landscape Report 2022 - Part 10 - Supply Chain Attacks

The Russia-Ukraine conflict, which began in 2014, has had a profound impact on various aspects of society. One such area significantly affected is the global cybercrime ecosystem. The conflict has not only intensified cyber operations between the two nations but also contributed to the growth and evolution of cybercriminal activities worldwide.

1. Escalation of State-Sponsored Cyber Operations

The Russia-Ukraine conflict has witnessed a significant escalation in state-sponsored cyber operations. Both countries have increasingly employed cyber attacks as a means of furthering their geopolitical objectives and exerting control over their adversaries. These attacks have ranged from targeted cyber espionage campaigns to disruptive and destructive acts. The heightened state of hostility has created an environment conducive to cyber operations, providing cybercriminals with cover and allowing them to exploit the chaos for their own gain.

2. Evolution of Cyber Tactics and Techniques 

The conflict has played a pivotal role in the evolution of cyber tactics and techniques utilized by cybercriminals. As state-sponsored actors engage in a constant cat-and-mouse game, developing and deploying sophisticated tools and methodologies, their techniques inevitably trickle down to the wider cybercriminal community. For instance, the deployment of advanced malware, such as the 2017 NotPetya, ransomware attack, which caused significant disruptions globally, including in Ukraine, was attributed to Russian state-sponsored actors. The attack leveraged stolen cyber weapons and tools, such as the EternalBlue exploit, which was originally developed by the United States National Security Agency (NSA) but later leaked and utilized by cybercriminals. These developments have forced cybersecurity professionals to adapt and innovate in response, further shaping the dynamics of the cybercrime ecosystem.

3. Cybercrime as a Proxy for State Interests

The Russia-Ukraine conflict has indeed seen a concerning convergence of cybercriminal activities with state interests, resulting in a blurring of lines between state-sponsored and cybercriminal operations. In several instances, cybercriminal groups have been coerced, co-opted, or even recruited by state actors to carry out cyber attacks on their behalf. This phenomenon highlights the complex and evolving nature of cyber warfare and the increasing involvement of non-state actors in state-sponsored cyber activities.

One notable example of this convergence is the cyber attack on the power grid in Ukraine in December 2015. The attack, which resulted in widespread power outages, was attributed to a group known as “SandWorm” or “BlackEnergy,” which had links to Russian state-sponsored hacking activities. The attack showcased the ability of cybercriminals to collaborate with state actors and deploy sophisticated techniques to disrupt critical infrastructure.

Another instance of the hybridization of cybercrime and state interests is the activity of the Lazarus Group. While not directly tied to the Russia-Ukraine conflict, this North Korean state-sponsored hacking group has been involved in various cybercriminal activities, including bank heists, ransomware attacks, and cryptocurrency theft. Their activities demonstrate how cybercriminals can be employed by states to fund their operations or carry out malicious acts for financial gain.

This hybridization of cybercrime and state interests poses significant challenges for attributing cyber attacks accurately. The involvement of state actors provides cybercriminals with a level of protection and deniability, making it challenging to trace attacks back to their true origins. The complexity of the relationships and collaborations between cybercriminals and state actors further complicates attribution efforts. This blurring of lines not only hampers response and deterrence but also has profound implications for international cybersecurity as it challenges the traditional understanding of threats and requires new approaches to defense and cooperation.

Moreover, the convergence of cybercriminal activities and state interests heightens concerns regarding the transfer of knowledge and technologies between state-sponsored actors and cybercriminal groups. State-sponsored attacks often involve the utilization of advanced tools, techniques, and vulnerabilities that, once exposed or leaked, can be adopted by cybercriminals for their nefarious purposes. This transfer of expertise and capabilities enhances the overall sophistication and effectiveness of cybercriminal operations, posing a significant threat to global cybersecurity.

4. Geopolitical Ripple Effect

The ripple effect of the Russia-Ukraine conflict on the cybercrime ecosystem extends beyond the immediate region. The conflict has heightened geopolitical tensions and fueled the emergence of new threat actors around the world. As cybercriminals observe the success and tactics of state-sponsored actors engaged in the conflict, they seek to emulate their methods to achieve their own objectives. This has led to an expansion of the cybercrime ecosystem, with an increasing number of actors adopting nation-state-like capabilities and conducting cyber attacks for financial gain, ideological motivations, or political ends.

5. Weaponization of Disinformation and Propaganda

The Russia-Ukraine conflict has witnessed the weaponization of disinformation and propaganda on a massive scale. State actors have employed cyber tactics to disseminate false narratives, manipulate public opinion, and sow discord. These activities have had a profound impact on trust and stability, not only in the immediate conflict zone but also globally. Cybercriminals have taken note of these tactics and now employ similar strategies to conduct social engineering campaigns, phishing attacks, and disinformation campaigns, exploiting the vulnerabilities of individuals, organizations, and societies.

6. Need for Enhanced International Cooperation

The Russia-Ukraine conflict has underscored the urgent need for enhanced international cooperation to tackle the evolving cybercrime ecosystem. The transnational nature of cyber threats requires a coordinated response that transcends political boundaries. The conflict has served as a wake-up call, prompting governments, international organizations, and cybersecurity stakeholders to recognize the importance of collaboration and information sharing. Joint efforts are necessary to address the challenges posed by state-sponsored cyber operations and the ever-evolving tactics of cybercriminals.


The Russia-Ukraine conflict has had a profound and multifaceted impact on the cybercrime ecosystem. The escalation of state-sponsored cyber operations, the evolution of cyber tactics and techniques, the convergence of state interests and cybercrime, the geopolitical ripple effect, and the weaponization of disinformation and propaganda are all significant consequences of the conflict. Addressing the challenges posed by the evolving cybercrime landscape requires enhanced international cooperation, collaboration, and information sharing. Only through joint efforts can the global community effectively combat the threats posed by cybercriminals influenced by the Russia-Ukraine conflict and safeguard the integrity and security of cyberspace.

About this article
This article was written based on the ENISA’s Threat Landscape Report 2022. To read the full version of the report click here.

Add a comment


Submit a Comment

Your email address will not be published. Required fields are marked *