Of note, the IRA has been rapidly shut down in the wake of the revolt. While some may see this as a submissive move to unwind Prigozhin’s interests from those of the state, evidence exists that the closure was forced. Russian security services conducted raids in the hours prior to the shuttering of the IRA, and the man who was attempting to sell assets on Prigozhin’s behalf has now disappeared. Western analysts would do well to scrutinize apparent attempts to reconstitute the company on Prigozhin’s part – or another’s – as an indicator of such an intention to capitalize on a well-established capacity for cyber antagonism.
The less nebulous short-term implication of the Wagner revolt for digital security is the rapid evolution of the information conflict surrounding Ukraine, Russia, and European perspectives on the conflict. Now, the revolt gives the information war new dimensionality. Specifically, Prigozhin and other elites with substantial technological resources have an incentive to degrade the traditional narrative power of Putin’s security state. Indeed, hackers apparently tied to Wagner have already targeted a major satellite provider in Russia – Dozor – to post support for the revolt across numerous websites. This is a continuation of Prigozhin’s use – either directly or otherwise – of an extensive army of hackers, trolls, and propagandists for his own purposes. This force has been employed in information wars across Africa, Europe, and Asia, and has recently been leveraged to help Prigozhin bypass the information controls of the Russian state to influence both elites and the general public.
Importantly, Western planners and cyber defenders should not see only downsides for an embattled Russian state in this evolution of the information war. The degree to which the recent revolt played out largely on the internet – with information and rhetoric largely being fed to both Russian and global populations via Telegram, Twitter, and similar platforms – shows that the spread of influence beyond Russian networks remains a critical corollary of narrative control for those positioning themselves for the next stage of oligarch-politik.
Long-term cybersecurity implications of a shaken Russian bear
In the long-term, changes in both the optics and the behind-the-scenes maneuvers of power politics in Russia stand to shift the global cybersecurity landscape. Russia has sustained one of the most extensive and permissive cybercrime ecosystems in the world for more than two decades. The benefits of doing so have been enormous for oligarchs and, by proxy, for Putin.
Russian elites have padded their pockets to the tune of billions of dollars from cybercriminal enterprise, and Moscow’s security services have regularly incorporated criminal capabilities into their hybrid warfighting techniques for interfering around the world. Significantly, the whole thing has worked in large part due to a set of norms enforced by the state and broadly observed by criminal actors. Specifically, don’t disrupt or antagonize within Russian IP space and the state will look the other way on cyber transgressions (except in rare cases where they work against Moscow’s interests).
Today, authority in Russia has likely become more diffuse than it has been for more than two decades. Again, Putin maintains a web of powerful subordinates spread across business, government, security services, the military, local politics and critical industries. Importantly, this web of subordinates only makes Putin powerful if Putin can manage and sustain their competition.
As some have noted, the idea that a regional governor, for instance, may be unwilling to take the Kremlin’s call on key issues is suddenly realistic today where it would have been unthinkable months ago. The degradation of Putin’s authority, if it cannot be recovered, means that Russian elites will likely increasingly – even if just occasionally – react to incentives for operation that don’t line up with Moscow’s interests.
In cyber terms, this may mean that the patrons of criminal enterprise in Russia will permit activity that runs counter to these state interests. A major ransomware attack in the West at a time where Putin is attempting to establish credibility to reach a favorable war-ending deal with Ukraine and NATO, for instance, would have been unlikely not long ago.
Additionally, the territorial sanctity of the Russian homeland in cyber terms may also become an untenable reality, as the expanding information war around the revolt sees an increasing volume of demonstrative harassment – e.g., the Dozor attack – and influence activities targeting domestic society. Traditional allies are already pulling back to arm’s length, such as Kazakhstan who is holding a wanted cybersecurity expert for possible extradition to Washington even as Moscow has asked for the fugitive.
Beyond the very real ramifications of the shifting optics of power in Russia, a reshuffle of elites that play a role in shaping Moscow’s security posture will also impact cybersecurity futures. An interesting development in the Wagner revolt episode is reporting that certain generals and possibly others within Russia’s security establishments knew of Prigozhin’s plot and supported it, even though they failed to speak out when the time came. There is even a picture from the hours of the revolt of Prigozhin in Rostov with Vladimir Alekseyev, the first deputy head of the GRU, Russia’s military intelligence service. On camera, Alekseyev seemed to align with Prigozhin, stating of military leader’s that Wagner could “take them away.”
It seems likely that a purge of sorts is underway, though Putin cannot act rapidly in all cases lest he be seen to have kowtowed to Prigozhin’s demands. One prominent general has already gone missing, and others have been curiously absent from the spotlight. The role of the GRU, the agency that has directly overseen Wagner for years, in supporting the revolt in any form remains unclear.
From a cybersecurity perspective, the likelihood that the GRU will be diminished or placed under new leadership is interesting because the organization has largely been behind Russia’s hyper-aggressive global digital interference operations over the past decade. As many have reported, the modern GRU substantially turned to hacking and social media-aided political interference following the Georgian war of 2008. There, Putin was embarrassed by failures in intelligence that led to Russian sloppiness on the battlefield and threatened the GRU with irrelevancy. In response, the GRU took a range of steps to aggressively support cyber operations and disinformation campaigns to bolster Russian interests abroad, including sponsoring the Wagner Group. Clearly, a shake-up and new direction could mean a changed character of Russian cyber engagement going forward.
This said, it’s not clear what an impacted GRU and other leadership shuffles would exactly do for Russia’s cyber posture. There is a reasonably solid basis for thinking that this tumult will be a plus for Western defenders and planners. This is because Russia’s cyber operational prowess, extensive as it is in raw terms, mirrors its battlefield capabilities – tactically sound but operationally and strategically sloppy.
The SolarWinds attack is a great example of this dynamic wherein a sophisticated supply chain compromise went unleveraged by the FSB. Russian hackers often accomplish impressive and creative feats of malicious intrusion only for it to be underutilized for strategic gains. Cyber combined arms, in other words, is not a Russian strength, and the purge of established personnel in the GRU, the military, or elsewhere will simply cement this dynamic.
Geopolitics matter for cybersecurity risk assessment
On balance, cybersecurity audiences often under-assess the impact of major political events that don’t have a clear cyber component on digital security futures. Recent events in Russia, still unfolding, cannot be seen in the same light.
Russia has been at the heart of malicious global cybersecurity activities across several dimensions for decades. Recognizing that the exact character of that dynamic stems directly from the unique divide-to-rule autocratic political system devised by Putin to build power and survive politically is critical for those attempting to chart future risk in the space. A recalcitrant oligarchy in Moscow may change many of the dynamics that have defined our understanding of Russian cyber posture for years, necessitating new approaches to deterrence and active defense. So too might a retrenchment of Putin’s power via political reshuffling and the demotion of security actors like the GRU from their current positions of authority.
Either way, a shaken Russian bear means evolution for global cybersecurity. Only time will tell whether this evolution will be a positive and whether we will want to thank Evgeny Prigozhin for his mutiny.