Russian Cyberwarfare Doctrine and America’s Counterstrategy

Since the mid 1990s, the Russian Federation has used various forms of cyberwarfare against the U.S. as part of its “information confrontation strategy.” This strategy is described by the Russian government as a “form of interstate confrontation that involves the targeted use of specially developed means to influence the information resources of the opposing side and protect one’s own resources in the interests of achieving stated political and military goals.” The ODNI 2025 unclassified security report states that “Russia’s advanced cyber capabilities, its repeated success compromising sensitive targets for intelligence collection, and its past attempts to pre-position access on U.S. critical infrastructure make it a persistent counterintelligence and cyber-attack threat. Moscow’s unique strength is the practical experience it has gained integrating cyber-attacks and operations with wartime military action, almost certainly amplifying its potential to focus combined impact on U.S. targets in time of conflict.” In 2024, an international team of researchers compiled the first ever ‘World Cybercrime Index’ (WCI) in which Russia was ranked #1 overall by a large margin.

Figure reproduced from: Kappos et al., PLOS ONE (2023), “Mapping the global geography of cybercrime with the World Cybercrime Index (Fig. 1)”. PLOS ONE article content is licensed under CC BY 4.0; base map and data from OpenStreetMap and OpenStreetMap Foundation https://doi.org/10.1371/journal.pone.0297312.g001

While there is no doubt that Russian aggression is extremely damaging to most nations, the U.S. is by far the most targeted adversary of the Russian Federation. In the past year, the U.S. was the nation most targeted by Russian cyberattacks, at 20% of all attacks, followed by the UK at 12% and Ukraine, the only non-NATO member in the top 10, at 11%. However, this is nothing new: for the past thirty years, Russia has been using cyberwarfare strategies against the U.S. Some examples of infamous attacks are:

  • The Moonlight Maze Intrusion, in which Russian actors hacked into a computer at the Colorado School of Mines, from which they “hopscotched” to various government agencies and military computers, collecting sensitive information for several years before being discovered.
  • The 2008 malware infection of the United States Department of Defense, in which a USB flash drive containing malicious code was attached to a laptop belonging to U.S. Central Command, from which it spread to various other systems. This attack has been described as the worst breach of U.S. military computers in history. This attack, and the failure to defend against it, led to the creation of United States Cyber Command (USCYBERCOM).
  • The 2015 White House and State Department Attacks, where it was reported that Russian hackers penetrated sensitive parts of White House computers. Many U.S. intelligence agencies hailed the attacks as some of the most sophisticated cyberattacks ever launched against the United States.
  • 2016 Election Interference, where in the run-up to the 2016 US presidential elections, Russian agents engaged in a multipronged influence campaign intended to “undermine public faith in the US democratic process, denigrate Hillary Clinton. One aspect of this campaign began as early as 2014, and aimed to delegitimize the US political process by amplifying politically polarized views through social media accounts—often under false personas—managed by the Russia-based IRA.”
  • From 2018 to the present day, the Russian government has been involved in various high-risk cyberattacks against U.S. government and private sector infrastructure, such as electrical grids.

These attacks are committed by numerous different Russian actors, including both state and private actors. One of the key perpetrators of these attacks is the Federal Security Service (FSB), a federal executive body within Russia overseen by the President, whose primary tasks are counterterrorism, national security, border security, ensuring information security, and counterintelligence.

Another Russian agency overseen by the president with heavy involvement in cyber operations is the Foreign Intelligence Service (SVR), which is aimed at protecting the individual, society and the state from external threats by using the means and resources stipulated by Russian Federal Law. The military is also heavily involved in cyber operations through the GRU (the Main Directorate of the General Staff), which answers directly to the chief of the general staff and the Russian defense minister, with the mission of gathering foreign military, political, and economic intelligence to support the Russian government’s defense and security policies. This includes traditional espionage, as well as a wide range of operations such as cyberattacks, deploying special forces (Spetsnaz) for reconnaissance and sabotage, and conducting information warfare.

Outside of government agencies, various private Russian cybersecurity companies, such as Positive Technologies, are either formally or informally contracted by, or otherwise linked to, Russian cyberattack efforts.

Despite the numerous attacks committed by these groups, they have not caused nearly the amount of damage they have the potential to inflict. Economists at Goldman Sachs warn that “While improbable, criminal cyber activity aimed at critical U.S. infrastructure is still technologically possible and could be ‘extremely destructive,’ adding that an attack that targets the Northeast U.S. power grid and plunges the region’s 15 states into darkness could cause between $250 billion and $1 trillion in economic damages.” Leading Goldman economist Jan Hatzius says the energy, financial services and transportation sectors are particularly at risk of Russian attacks given their high economic importance.

Of course, the U.S. government is well aware of these threats, and in response, U.S. and allied governments have expelled suspected Russian spies, uncovered espionage operations, pursued criminal indictments, and sanctioned the agencies and their leadership for their aggressive and reckless activities. The U.S. leads impactful cyber sanctions against Russia and Russian companies that engage in cyberattacks, as well as against other states, such as North Korea. America also maintains some of the longest-lasting international frameworks authorizing measures against individuals and entities engaged in significant malicious cyber activity. In tandem with these defensive measures, the U.S. uses various offensive measures, such as the Internet Research Agency Disruption (2018), and presumably many other classified offensives against the Russian state, as well as private Russian companies.

However, America’s counter-Russian cyber strategy has suffered some setbacks recently. One of the largest changes in U.S. counter-Russia cyberwarfare doctrine came in March 2025, when U.S. Secretary of Defense Pete Hegseth ordered U.S. Cyber Command to halt all offensive cyber operations against the Russian Federation. Many analysts and writers have argued that this move (along with the overall lack of a firm and coordinated U.S. response to Russian cyber infringements) has only caused the problem to grow. Many cite America’s growing acceptance of cyber and hybrid warfare aggression as fuel for actors such as Russia, China, North Korea and Iran to continue to commit these types of attacks.

The issue that policymakers are unfortunately running into is that this strategy of hybrid warfare is relatively new and, by design, very legally ambiguous, and therefore difficult to punish. For example, very few in the U.S. would be willing to start a war over the 2015 White House and State Department Attacks; however, this raises the question: “What is the appropriate response to this type of infringement?”

Partially due to this issue, the current cyber defense systems in place in the U.S. are, unfortunately, very decentralized, with most organizations being responsible for securing their own networks. This leads to situations akin to the Moonlight Maze Intrusion, where Russian actors can take advantage of a smaller, weaker entry point and maneuver from it to larger, more vital targets. This flaw is especially brought to light when comparing U.S. to Russian cyber doctrine, where we see that “while Russia along with China emphasizes a comprehensive cyber security arrangement including cybercrime, espionage and cyber war, the U.S. remains mainly interested in fighting cybercrime.”

There are several possible ways the U.S. could strengthen itself against Russian cyberattacks. Restarting U.S. Cyber Command’s offensive operations against Russia could allow the U.S. to counter Russian attacks, as well as reinstate some level of deterrence against foreign adversaries. Successful operations, such as the 2018 Internet Research Agency Disruption, have proven extremely effective in disrupting Russian intelligence, cyber operations, and attacks, as well as in deterring possible future operations.

Additionally, the DOD could implement target-hardening strategies at all levels of government, as well as in all possible critical infrastructure areas. Target hardening refers to measures taken to strengthen the cyber defenses of critical targets in order to reduce vulnerabilities, limit potential adversary access points, and deter would-be attackers. As we have seen, the U.S. cyber defense network is only as strong as its weakest link, and as such, all possible attack points, even at the lowest level, deserve priority. Increasing security at lower levels of critical infrastructure, and further expanding the security umbrella to targets such as the Colorado School of Mines, can help ensure that all infrastructure is secure.

The U.S. government has long considered cyber protection to be a matter of individual and secondary responsibility. However, in 2026 it is becoming more and more apparent how much of a threat cyberattacks from Russia are. It would seem that without a more coordinated and firm response to these attacks, foreign adversaries, and specifically Russia, will only continue to exploit this rather large loophole in American security policy.

Josef Wolpert
Josef Wolpert is a senior at the Schar School of Policy and Government at George Mason, studying International Law and Security, with coursework focused on intelligence analysis, international security, and U.S. foreign policy. He is an alum of the U.S. Department of State’s NSLI-Y program, having studied Russian in Almaty, Kazakhstan, from which he has continued to develop advanced regional and linguistic expertise related to Eurasia and the Middle East. Wolpert has previously published pieces on various international issues through the Sycamore Institute, such as his Op-Ed on Eurasian economics “Trans-Caspian Oil Pipeline: The End of Russian Control.” Wolpert has also served at the Jordanian Embassy, where he supported research on Middle Eastern legal, diplomatic, and security matters. His topics of interest include intelligence operations, national security policy, and international legal frameworks.