Stymied in Ukraine, Putin’s Government Resorts to Covert Sabotage and Panic-Mongering in the West
Putin’s government wages psychological warfare against Ukraine's allies, exploiting crises, from bank failures to chemical disasters, to sow panic and amplify popular discontent.
As Russia’s war on Ukraine grinds into its second year, much ink has been spilled in speculation on when and how it will end. Analysts debate how long Putin can cling to power. Rumors of severe health problems and impending death have appeared and disappeared repeatedly over the years. Some commentators speculate that the pressure of battlefield failures and sanctions-induced economic hardships will bring an end to Putin’s rule. Predictions of a post-Putin future range from optimistic hopes for a more-democratic government or new generation of capable leaders to more pessimistic scenarios involving a military junta, a bloody free-for-all among rival armed militias, or a dictatorship as bad as Putin’s. That is the subject for another essay.
For now, however, Putin seems determined to stay in power and continue the war, which he has portrayed as a war against the entire Western-dominated world order. Analysts assess Putin feels he has a mission to undo the humiliation of the Soviet breakup, or even to recreate the Russian empire. Domestically, Putin seeks to maintain his image as a strong leader who protects Russia against existential threats; a loss of face could lead to a loss of power. If he loses the presidency, he reportedly fears facing either a prison cell or a brutal end like that of former Libyan dictator Muammar Qaddafi. Especially after the International Criminal Court officially indicted Putin for war crimes on 17 March 2023, he likely fears he may have nowhere to run. Although some commentators have called for “off-ramps” that would allow Putin to declare at least partial victory and stand down, he has vowed to continue the fight, and Ukrainian President Volodymyr Zelensky also shows no sign of readiness to back down.
Mobilizing for a War of Attrition
On the ground, Putin seems determined to hold the line in bitter trench warfare, potentially for a year or more, while waiting for the international community to tire of supporting Ukraine. Debate has raged over whether or not time is on Putin’s side—whether international support for Ukraine will endure “as long as it takes,” in official Western parlance, or whether it will decline over time. Media reports initially suggesting the possible involvement of a pro-Ukrainian group in blowing up the Russia-controlled Nord Stream pipeline in September 2022—though this could be a false flag—could also erode Western support for Ukraine. Whether or not it is logical for Putin to continue fighting, he likely will.
On the front lines, thousands of newly mobilized and mercenary soldiers have lost their lives in human-wave attacks around the Ukrainian city of Bakhmut. In occupied territories the Russian government has been entrenching itself—forcing local residents to use Russian Internet providers, imposing Russian patriotic education, and in many cases forcing local men to fight on the Russian side—while devastating the economy of Ukrainian-held territories.
Within Russia, Putin’s government has attempted to muster manpower, supplies and public support for the war without yet demanding the sacrifices that could spark domestic rebellion. In March, contradictory messaging about a possible second military mobilization, further regimentation of political speech, and military exemptions for IT workers suggest disagreements within the Russian leadership about the balance between mobilization and mollification of the Russian population. While brutally repressing anti-war speech, Putin’s government has allowed warlords such as Yevgeniy Prigozhin, head of the Wagner mercenary army, and militaristic bloggers such as former separatist organizer Igor Girkin to criticize Russia’s military establishment for its failures on the battlefield. The assassination of a Prigozhin-friendly military blogger in Saint Petersburg, Russia on 2 April 2023—whether carried out by pro-Ukrainian forces, Russian intelligence services, or a criminal or business rival--raises the tension and fear within Russia itself.
Polls suggest Putin’s government has managed to keep the population’s support or passive acceptance of the war, including by appealing to genuine popular pride in the Soviet Union’s sacrifices in defeating Nazi Germany in the so-called “Great Patriotic War.” Reputable Russian public opinion pollster Levada found in a late February 2023 poll, for example, that 78% of respondents claimed to support the actions of Russian military forces in Ukraine, and 63% said the “special operation” in Ukraine was going more-or-less successfully. Levada chief Lev Gudkov has said, “The Russians have little compassion for the Ukrainians...Only an average of 10 per cent of the population feels guilt or shows empathy.” The Russian population apparently shares what Jade McGlynn of King’s College London has called Putin’s “fetid obsessions” with Russia’s humiliation and with perceived Western hypocrisy, as well as his sense that Russia has a “moral right to great power domination of others.”
Other analysts argue, conversely, that Russians’ statements to interviewers and pollsters can be misleading. Germany-based analyst Yekaterina Shulman notes, "There is no such thing as support in a non-free society" like Russia, adding that 90-95% of Russians refuse to answer pollsters and thus remain unrepresented in polls, and that only 20-30% of the population likely really supports the war. Analyses of alternative indicators, such as curse words in Internet search terms and reported declines in Russians’ mental well-being, suggest flagging domestic support for the war. The Wilson Center, a Washington DC think tank, wrote, “The ’support for the war’ of the median electorate is internally contradictory, unstable, and unconsolidated. Events can lead to unexpected shifts." A sanctions-fuelled slowdown in Russia’s economy will likely exacerbate quiet discontent; Russian oil and gas revenues declined 46% between January 2022 and January 2023, “hidden unemployment” has reached 13 percent, and Russian companies are suspending investments in new capacity.
With limited successes on the battlefield and uncertain support in the domestic population, Russian strategists carry on asymmetric battles on the psychological front to wear down the morale of Ukrainians and their supporters.
Wearing Down the Resolve of Ukraine and its Supporters
Globally, Putin’s government continues information operations to divide, discredit, demoralize, and distract the populations of Ukraine and its allies. Russian information warriors use a combination of cyber or physical disruption and psychological manipulation. “Russia sees attacks on civilian critical infrastructure and social media manipulation as one and the same mission, which is essentially an attack on the enemy’s will to fight,” as John Hultquist of the cybersecurity company Mandiant commented after leaked documents showed Russian software contractor Vulkan offering both kinds of services for the Russian military.
Psychological War of Attrition
In the realm of psychological warfare, Russian have used inauthentic social media personas to post and amplify inflammatory messaging and disinformation on social media. In one example reported on 5 March 2023, a social media account that formerly posted in Russian and advertised cryptocurrency schemes subsequently began portraying itself as a city council member in Atlanta, Georgia, and has been posting pro-Russian, anti-Ukrainian sentiments.
Screenshot of Twitter Account Posing as an Atlanta City Council Member, Cached on 17 September 2022, http://web.archive.org/web/20220917003509/twitter.com/proogb
Themes of the disinformation operations include messages that resonate among many people in the West: that sanctions do not work; that aid to Ukraine is too expensive and harms working people at home; that helping Ukraine could escalate the conflict to a nuclear war; or that weapons donated to Ukraine were supposedly being diverted.
Russian rhetoric seeks to erode unity among countries supporting Ukraine. For example, frequent references to the nefarious deeds of the “Anglo-Saxon” countries—particularly the United States and United Kingdom—appear intended to widen existing disagreements with France and Germany. Putin claimed on 14 March that Germany’s reluctance to attribute the Nord Stream pipeline blast to the United States shows German politicians are still mentally “occupied” by the victorious WWII allies. Russia encourages anti-NATO, anti-Ukraine political forces in many countries; protesters in places like Moldova and Germany carry Russian flags. Russian media outlets such as RT have helped sow ambivalence toward the Ukrainian cause in the “Global South” countries of Africa, Asia, and Latin America. South Africa, for example, has helped Russia evade sanctions.
Russia will also likely continue to use the energy weapon—reminding its customers of their dependence on Russian fossil fuel and withholding supplies until they make concessions. Russia declared in February 2023 that it would reduce crude oil production. Some Russia-origin cyber attacks on renewable energy entities, even if criminally motivated, align with Russian strategic goals of hindering the development of alternative energy sources and underlining the world’s dependence on Russian fossil fuels. Though Russia’s use of the energy weapon has made a surprisingly small impact on Europe, Russia could also weaponize exports of other key commodities such as aluminum, palladium, and nuclear fuels, as well as the nuclear fuel rods that power nuclear power plants in many countries.
Preparing for 2024
The Putin administration’s attempts at dividing Western societies while maintaining support at home in Russia could bear fruit in 2024, when Ukraine, Russia and the United States all have presidential elections. Republican candidates Donald Trump and Ron DeSantis have spoken against providing a “blank check” of aid to Ukraine. Russian hackers and information warriors allegedly attempted to sway elections in Ukraine in 2014, the US in 2016, and France in 2017, according to US indictments from 2018 and 2020 and other government reports. Russian information operations continued in the 2020 and 2022 US midterm elections, with inauthentic social media personas posing as enraged Americans and claiming that Democrats support aid to Ukraine at the expense of working-class Americans, according to the New York Times.
Sowing Panic and Popular Discontent in Western Countries
Another tactic Russia could use to undermine the current pro-Ukrainian US administration is sabotage of Western critical infrastructure. The US and other governments have issued numerous advisories on Russian state-sponsored and criminal cyber threats, particularly to critical infrastructure. Incidents such as the miscommunication that led to a false ballistic missile alert in Hawaii in 2018 give a taste of the harm that panic-mongering could cause.
Bank Runs
Social media-fueled rumors can also cause bank runs. Shortly before the 2022 invasion, a DDoS attack briefly disrupted two state-owned banks in Ukraine, and panic-mongering text messages falsely claimed that ATMs belonged to those banks were down. The US and UK governments attributed these operations to Russia’s military intelligence service, and on 19 February 2022 the US Cybersecurity and Information Security Agency warned that foreign governments could pair cyber threat activity against critical infrastructure with disinformation. As Silicon Valley Bank (SVB) collapsed in March 2023, Sputnik News, part of a Russian state global propaganda network that reportedly reaches over 300 million people in over 40 languages worldwide, was among those publishing dubious content that added to the confusion and panic. Several suspected Russian “grey propaganda” sites also amplified alarmist messaging about bank failures.
Exploiting a Chemical Disaster
In the wake of the 3 February 2023 train derailment and chemical spill in East Palestine, Ohio, as reports emerged of local residents suffering rashes, nausea, and other symptoms of chemical exposure, disinformation researcher Caroline Orr Bueno noticed something strange. On 12 February she tweeted, “The discourse around the train derailment & subsequent chemical release in East Palestine, OH, is incredibly bizarre. There seem to be an usually [sic] large number of crypto accounts joining in the discourse, plus a ton of conflicting reporting & very little authoritative information. It is markedly different than the discourse following other recent crisis events. .... this event has prompted an even more sensationalist, conspiratorial response than expected. And crypto.”
Bueno’s research identified an information campaign with possible links to Russia that apparently tried to inflame panic and outrage with improbable claims going beyond the real scale of the disaster. A website called Eden Reports spread claims that the contamination would spread upstream to the Ohio and Mississippi Rivers and depicted the incident as “America’s Chernobyl,” a reference to the 1986 nuclear accident that contributed to the fall of the Soviet Union. The Eden Reports website features artificial intelligence-generated “deepfake” author photos, often writes about Russia-related issues, has cited a Russian government spokesperson calling US President Joe Biden a “terrorist,” and has insinuated that the U.S. might have sabotaged the Nord Stream pipeline under the Baltic Sea in September 2022. This disinformation campaign exploited the real suffering and fears of local residents to help turn the incident into a national political issue.
The messaging aligns with political statements that criticized President Biden for visiting Kyiv instead of East Palestine. Athough it is unclear whether the Eden Reports campaign is backed by the Russian state, it resembles a chemical disaster-themed panic-mongering disinformation campaign that Russia’s Internet Research Agency, the troll farm that “Putin’s chef” and mercenary boss Yevgeniy Prigozhin founded, test-ran in 2014. Kremlin-backed propaganda outlets like globalresearch[.]ca published sensationalist headlines about both the East Palestine derailment and bank failures through March 2023, portraying these events as examples of systemic crisis in the United States, as in the screenshot below.
Cached Screenshot from Kremlin-Backed Disinformation Outlet globalresearch.ca, 21 March 2023
These attempts at panic-mongering resemble an extreme scenario that cybersecurity researcher Joe Slowik outlined in a 2019 conference presentation. In this scenario, an adversary could potentially take advantage of a natural disaster and carry out cyber operations together with disinformation to create panic and disarray (https://www.youtube[.]com/watch?v=n7XqxRXwFZ4). Though we have not yet seen a combination of all of these three elements—natural disaster, cyber operations, and disinformation—we have seen numerous cyber operations and some physical sabotage that in effect align with Russian state information goals.
Cyber and Physical Attacks on Critical Infrastructure
Russia-origin cyber threat activity has, on numerous occasions, paralyzed Western critical infrastructure. Russian military hackers crippled the Viasat satellite Internet operator on the morning of the February 24 invasion, apparently intending to disable Ukrainian military communications; collateral damage included a German wind farm and tens of thousands of European satellite internet customers knocked offline. Likely Russian military hackers have also directly targeted a NATO country, using the so-called Prestige ransomware against transportation and logistics entities in Poland.
In addition to Russian military cyber operations, some cyber threat activity that appears purely criminal, such as ransomware attacks, effectively align with Russian government strategic goals, whether or not the government has explicitly directed these operations (see the concept of “spaghetti on the wall” in the “Putin: Spy as Hero” story elsewhere on this website).
In May 2021 Russia-based ransomware operators breached Colonial Pipeline, bringing gas stations in the northeast US to a standstill and harming the reputation of pro-Ukrainian US President Joe Biden. The JBS meatpacking ransomware attack a few weeks later raised fears of US food shortages on the eve of the Memorial Day holiday; the US government has attributed the incident to the Russia-based REvil ransomware group. In April 2022, hackers associated with the Russian group Conti paralyzed most computer systems of the Costa Rican government and mocked the country for its closeness to the United States. Members of the well-organized Conti group have received targeting guidance from Russian government hackers at times, according to analyses of leaked Conti correspondence, raising the possibility of Russian government involvement in the campaign against Costa Rica. *Update March 20 2024: Evidence suggests that Mikhail Matveev a.k.a. Wazawaka, was the Conti affiliate who attacked Costa Rica; further discussed here.
Russia-based ransomware operators continue to target health-, education- and government-related websites in the US and other countries. They have aggressively pressured their victims, such as by threatening to release sensitive student records or graphic photos of cancer patients, potentially eroding public trust in these essential services. Pro-Russian criminal hacktivist groups such as Killnet have carried out distributed denial-of-service (DDoS) attacks to hinder access to websites of critical infrastructure in numerous countries that support Ukraine or criticize Russia. These have had limited effect but raised anxiety.
US government officials and cybersecurity professionals report a lingering sense of “foreboding” that Russia may not have exhausted its cyber capabilities. Some analysts and US officials warn that Russia could attempt increasingly “brazen” attacks on civilian infrastructure in both Ukraine and its allies, as well as disinformation to wear down audiences. Russian military threat actors have reportedly used a previously unreported “zero-day” vulnerability in the Microsoft Outlook mail program to compromise and spy on European energy, transportation, government, and military facilities. Similar efforts over the past year have done less damage than expected in Ukraine due to its cyber resilience, but critical infrastructure operators worldwide cannot afford to let down their guard.
Russia’s cybercriminal groups, some of whom have supported Russia’s war effort, are themselves in flux, suffering arrests, government sanctions, leaks, and takeovers by rival gangs. Some ten percent of Russia’s IT workforce left Russia in 2022, Russia’s Digital Development Minister has said; this exodus may have included some cyber criminals. These developments have disrupted the existing cybercrime ecosystem but also opened new possibilities for cyber criminals to diversify their networks and infrastructure. For example, since 2022 Killnet has developed forums where hacktivists and cyber criminals can come together to discuss tools and exchange cryptocurrency. Zarya, a Russian hacktivist entity formerly associated with Killnet and likely also affiliated with Russian military-supported hacktivist group Xaknet, has been adapting the Mirai malware that recruits compromised devices into botnets for use in DDoS attacks. Zarya has also claimed to have breached a Canadian gas distribution facility in February 2023 on orders from Russia’s Federal Security Service, journalist Kim Zetter has reported, citing allegedly leaked US military intelligence documents:
Physical Sabotage
Russian psychological operations to sow panic and dissension in western societies could also include inciting physical attacks on Western infrastructure. A rash of physical attacks on electrical substations in late 2022 and early 2023 left thousands of people without power for days at a time and heightened fears for US energy grids. Groups such as US accelerationists—white nationalists who seek to destabilize society through violent acts—have spoken of using attacks on substations in an attempt to start a civil war, researcher Caroline Orr Bueno notes. However, according to Bueno, at least one perpetrator, who reportedly bombed two substations in San Jose, California, was a Russian computer programmer whose social media posts suggested an interest in the energy infrastructure. Bueno comments, “The targeting of energy infrastructure is a tactic that has been used widely by Russia in Ukraine, so it’s not a huge stretch to imagine the same tactics being used here.” Other researchers have document Russian government efforts to use Russian diaspora communities to carry out “patriotic missions” abroad.
Eurasian Criminals as Deniable Tools
More broadly, Russian intelligence services have often exploited criminal groups to carry out deniable operations, a phenomenon that security analyst Mark Galeotti has dubbed “Crimintern,” analogous to the Comintern, the international Communist organization the Soviet Union used to exert global influence in the 1920s-1930s. Russian men, seeking to avoid military mobilization, have fled to countries like Georgia, Armenia, Kazakhstan, Cyprus, the UAE, Argentina and other countries. This diaspora could become a recruiting ground for crime groups whom Russian intelligence could pressure to help in the war effort.
August 9: Text was slightly edited to clarify sourcing.
Another incident: On May 22, a Verified Blue Check Twitter account calling itself Bloomberg Feed claimed that an explosion occurred at the US Pentagon that morning https://www.insider.com/ai-generated-hoax-explosion-pentagon-viral-markets-dipped-2023-5 .The image appeared to be AI-generated or otherwise manipulated. On this false news, the S&P Stock Index briefly lost $500 billion (https://twitter.com/jsrailton/status/1660679743266607105. This scenario resembles the bank-run scenarios anticipated in the report “Stymied in Ukraine, Putin’s Government Resorts to Covert Sabotage and Panic-Mongering in the West” (https://nattothoughts.substack.com/p/stymied-in-ukraine-putins-government)
It also resembles the 2013 hack of the AP News Service Twitter feed in 2013, which claimed that a bombing of the White House had injured US president Barack Obama and caused US stock markets to plunge briefly. The hack was attributed to the Syrian Electronic Army (SEA) (https://www.justice.gov/opa/pr/computer-hacking-conspiracy-charges-unsealed-against-members-syrian-electronic-army). Resemblances between the SEA's targeting and tactics and that of Russian pseudo-hacktivist groups suggests cooperation between them.
Today's false report received amplification from Russian entities; as the Insider article points out, “The photo was spread by dozens of accounts on social media, including RT, a Russian state-media Twitter account with more than 3 million followers — but the post has since been deleted. Most other accounts that retweeted the image appear to be affiliated with conspiracies or the war in Ukraine." Also of interest, one of the that accounts pushing the story also generated a false post last month claiming a White House bombing, https://twitter.com/jsrailton/status/1660687047932166155
Some users commented that this could be a test run for other such panic attacks.
John Scott-Railton, a social media analyst at CitizenLab, tweeted, "Exercise: ask yourself how disinformation like this plays out in the context of a real high stakes moment. Like, say, a report of an attack on the president with realistic pictures / video /audio...a few hours before polls close on Election Day 2024. We are unprepared."
(https://twitter.com/jsrailton/status/1660718041565372460)
The claimed incident mirrored incidents that were happening in Russia at the time, including reported explosions of government buildings in the Russian city of Belgorod.
People involved in the hoax could have capitalized on the brief stock market plunge and rebound to profit from stock manipulations.
In a recent example of a Russian influence operation exploiting a natural disaster, the wildfires in Hawaii, “Russian state media amplified a coordinated campaign” (https://weaponizedspaces.substack.com/p/watch-breaking-down-russias-disinformation) that had apparently been “initially seeded with inauthentic activity” and that exploited the Hawaiian tragedy to “promote divisiveness and make people think that the U.S. was neglecting Hawaii while sending continuing aid to Ukraine" (https://weaponizedspaces.substack.com/p/russia-amplifies-right-wing-influence), according to disinformation researcher Caroline Orr Bueno. See https://nattothoughts.substack.com/p/russian-bentley-and-ferrari-hackers