How does the Kremlin carry out cyber-attacks in Europe?

The Estonian Intelligence Agency’s report on external threats predicts continued aggression from Russia in the form of cyber attacks. These attacks are a threat to all European countries, but knowing how the attacks work might help prevent them in the future.

While all countries are now having to react to the potential of cyber-attacks, Estonia knows from experience the real impact of hostile online aggression. The annual intelligence yearbook outlines how these cyber-attacks can be carried out against technologically advanced Estonia, and beyond. According to the report, all NATO and EU member states are a potential target for Russian cyber-attacks.

The 2019 report outlines which actors are most likely to be carrying out the hostile acts, as the Kremlin routinely denies any knowledge of the cyber activity. The first level, the intelligence community, has the most direct contact with the Kremlin. The Federal Security Service and military intelligence use their close position to power to gain access to all telecommunication networks, giving them almost unlimited access to intelligence. The intelligence agencies have also been caught carrying out physical operations abroad, using unprotected Wi-Fi networks to get into secure emails.




The second group consists of cybercriminals, who are often coerced into working for the government in return for reduced sentencing. They are less well funded than the intelligence networks and have adapted to using free online programs to give the appearance of unsophisticated ‘lone-wolf’ activity.

The final group of hackers is defined by the Estonians as Compatriot Hackers. These hackers attack international targets, usually national infrastructure or networks, from within Russia, using denial-of-service tactics or simply defacing websites. While these attacks can be traced back to the Russian Federation, the Kremlin routinely claims that it has no knowledge of the attacks or that they were carried out by rogue groups. However, the actions of these groups are often well coordinated and highly synchronized with Russian foreign policy. In addition, the sophistication of the equipment used would be almost impossible for civilians to get. This has led Estonian intelligence to conclude that there is some connection to or sponsorship from the Kremlin. The most recent of these Compatriot Hacks was carried out against Ukrainians during disputes over the Kerch Strait.

While Russian attacks can be unpredictable and hard to prepare for, the report outlines some constant threats that Estonia has to be aware of. The most commonly used technique is the phishing email, in which a malicious link is sent in a regular-looking email to gain access to the accounts of whole organizations. These phishing attempts are usually not targeting Estonians directly, but instead use individuals’ emails to gain access to larger ministries or international organizations. Russia targets these to gain access to personal emails and private working papers, military and defence organizations.




These same cyber attacks that are a threat to Estonia are also a threat to other regions such as the Visegrad states, where Russia is actively looking for avenues of influence. Russia has tried to gain access to the emails and private agendas of politicians and organizations in the region, perhaps to use sensitive information as leverage, or perhaps simply as a way to find exploitable flaws in each country’s political systems. One hacking attempt was successful in gaining access to the Czech Foreign Ministry. The hack resulted in hundreds of emails being stolen from diplomats and the Foreign Minister. The information that was stolen may compromise not only the Czech diplomats but also the allies that they were in communication with.

The strategies in the report provide helpful insights into the best ways to counter the Russian cyber threat. First, the Russian tactic of targeting international organizations and foreign ministries shows a strategy of trying to utilize European integration and connectedness. By using access to one country to gain access to many, Russia might be able to gain large amounts of intelligence without much effort. This means that cyber defence cannot be effectively tackled only by national governments; there are just too many weaknesses that could be exploited. The European Union Agency for Network and Information Security is currently working with member states to share best practices and form a resilient shield against attacks.

The second lesson that can be learned from the Russian strategy is the role of the individual. The fact that the Russians continue to use the phishing strategy suggests that it is still an effective means of getting access to a system. This means that the individual may be the weakest link in national cybersecurity and without proper education for employees, even the best defences can be overcome.

About author: Simone Neads

