OODA Loop – Will Russia Turn To Cybercrime To Balance Tough Economic Sanctions?


Since the Russian invasion of Ukraine began, the conflict has spread into cyberspace, with state and non-state actors taking sides and conducting a variety of destructive operations. Russian state officials have launched eight new types of malware attacks on Ukraine, affecting governments, businesses, financial institutions and energy organizations, as well as a US satellite communications provider. Ukraine’s supporters have responded the same way: the notorious hacktivist group Anonymous and the Volunteer IT Army of Ukraine have retaliated in kind against Russian government and military entities. They have doxed thousands of Russian soldiers and even disrupted Belarusian railway lines to slow the movement of Russian troops. Russia’s failure to produce cyber “shock and awe” has led many to believe that it may not be able to produce any.

As the cyberwar rages on, several governments in the global community have imposed a series of tough economic sanctions on Moscow. Russia is currently the most sanctioned country in the world, well ahead of countries like North Korea and Iran, which previously held the top spot. The longer the conflict lasts, the more Russia suffers economically, which is a key goal of sanctions. However, without aggressively targeting Russia’s powerful oil industry, sanctions may not yield favorable results in a timely manner. Recent evidence has shown that Russia has withstood sanctions so far, with its ruble strengthening, not weakening.

While sanctions are an important tool to influence a state’s behavior, they take time to have an intended effect. Therefore, it is necessary for the world community to target Moscow where it hurts the most. Russia is currently the third largest oil producer in the world (behind the United States and Saudi Arabia) and earns about $720 million a day from its oil industry. According to the International Energy Agency, Europe receives almost half of Russia’s crude and petroleum exports. So it’s easy to understand why Europe hasn’t joined forces with other countries to sanction Russian oil.

But should Europe and some other major oil consumers intervene, there is a real chance of damaging Russia economically. In such a case, Russia may need to employ tactics to evade the sanctions, or find a course of action that at least lessens their impact. While there are myriad ways around sanctions, Moscow could find itself in a tight position and choose to follow in North Korea’s footsteps to find sanctions relief. Since at least 2015, North Korea has been involved in activities typically associated with cybercriminals, such as bank robberies, cryptocurrency theft, ATM withdrawals, and ransomware operations. Additionally, North Korea has successfully turned to cryptocurrency mining to make money and offset the crippling effects of sanctions. North Korea has earned approximately $2 billion to fund its weapons of mass destruction program and has recently been linked to a $620 million cryptocurrency theft. It has also continued and increased its cryptocurrency mining efforts to further offset sanctions.

Russia has a strong cybercriminal ecosystem that has consistently proven itself to be sophisticated, enterprising, aggressive and very capable of both developing new tools and providing services to other criminals. In 2021, global cybercrime generated nearly $6 trillion, with more than $400 million coming from ransomware payments. This is remarkable considering that 74 percent of those ransomware payments went to Russian gangs. This does not even include other cybercrime-as-a-service offerings from which Russian cybercriminals make money. Furthermore, the Russian cybercrime community is fiercely loyal to Moscow and unofficially operates under the following code: do not hack Russian organizations or individuals; when Russian intelligence asks for your help, give it; and be careful where you vacation. In fact, at the beginning of the Ukraine conflict, several Russian cybercriminal gangs declared their support for Moscow and conducted operations against Ukrainian targets in order to cause damage rather than make a profit.

Russian cybercrime promotes cryptocurrency money laundering. Russia-based individuals and groups have a large share in “activities in various forms of cryptocurrency-based crime.” According to a company that tracks cryptocurrencies, Russia has several cryptocurrency companies that have processed significant transactions from illegal (i.e. criminal or to criminal) addresses. Crypto mining offers such value that in late April 2022 the United States sanctioned BitRiver, Russia’s largest company and the world’s largest hosting provider for green cryptocurrency mining, expecting Moscow to use this route to find sanctions relief. As a result of such actions, Moscow could use its cybercriminals to engage in these activities on a large, global scale.

The world is already preparing for Russian cyberattacks targeting countries that support Ukraine with financial and/or military aid. On April 20, US government agencies and international partners released an advisory on the threat of Russian state-sponsored and Russian cybercriminal actors conducting disruptive attacks on critical infrastructure. This follows similar US government advisories in January (focusing on Russian cyber activities targeting critical infrastructure) and March (focusing on Russian cyber activities targeting the energy sector). And while these attacks may very well happen, Russia could capitalize on these warnings by directing its more sophisticated and successful cybercriminals to engage in cybercrime that benefits Moscow.

In this capacity, they not only attract their intent, but also attract worldwide attention and serve as a useful distraction to other criminal endeavors. In addition, Russian cybercriminals are more inclined to target large profitable companies outside countries in the immediate region or supporting Ukraine. Countries that believe they are far from the conflict may be less inclined to suspect they are being attacked by proxies from both sides, reducing their vigilance to the Russian threat. Only Moscow can determine if it has reached the economic threshold of needing cash to meet the financial demands of an ongoing military effort and to keep civilian discontent to a minimum. Moscow turning to its cybercrime ecosystem for help may be the best sign that Russia may be finished, encouraging the world community to increase its economic leverage over Moscow to end this conflict.
